Reverse zone reformatting after nsupdate execution

Ondřej Surý ondrej at isc.org
Wed Jan 27 13:29:16 UTC 2021


You might want to change `masterfile-style` configuration option:

https://bind9.readthedocs.io/en/latest/reference.html?highlight=masterfile-style#tuning

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

> On 27. 1. 2021, at 14:23, Ondřej Surý <ondrej at isc.org> wrote:
> 
> Greg,
> 
> there’s nothing wrong with the zone contents. $ORIGIN means “now append this to every name not ending with dot”.
> 
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
> 
>> On 27. 1. 2021, at 14:06, Greg Donohoe <dubgregd at gmail.com> wrote:
>> 
>> 
>> Hello. I am hoping that someone can help me to figure out the cause of an issue I am seeing when running nsupdate on my BIND9 server.
>> Below you will find all the details as to how my server is configured and also the nsupdate commands that I am running.
>> 
>> The issue I am seeing is that I have configured a /16 10.10.in-addr.arpa reverse zone, however when I execute nsupdate the 10.10.in-addr.arpa.dns zone file reformats the $ORIGIN to a /24 156.10.10.in-addr.arpa.
>> This appears to be an issue with nsupdate rather than BIND itself as I can manually amend the 10.10.in-addr.arpa.dns zone file which always remains in a /16 format.
>> 
>> Please see below for details and if you need any further information please let me know.
>> 
>> ###############################
>> named.conf
>> ###############################
>> greg at hp-linux:/etc/bind$ cat named.conf
>> ##  OPTIONS
>> options {
>>         directory "/var/cache/bind";
>> 
>>         recursion no;
>>         listen-on port 53 { any; };
>>         allow-query  { any; };
>>         allow-update { any; };
>> 
>>         forwarders {
>>                 10.10.8.120;
>>                 10.196.207.11;
>>         };
>> 
>>         dnssec-validation auto;
>> 
>>         auth-nxdomain no;    # conform to RFC1035
>>         listen-on-v6 { any; };
>> };
>> 
>> 
>> ## ZONES
>> # Zone statement for forward DNS lookups
>> zone "example.com" IN {
>>     type master;
>>     file "/etc/bind/master/example.com.dns";
>>     allow-update { any; };
>> };
>> zone "10.10.in-addr.arpa"  IN  {
>>     type master;
>>     file "/etc/bind/master/10.10.in-addr.arpa.dns";
>>     allow-update { any; };
>> };
>> 
>> ###################################################
>> The batch.txt file I use to run nsupdate
>> ###################################################
>> server 127.0.0.1
>> zone example.com
>> update add test.example.com 86400 IN A 10.10.156.37
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com
>> send
>> server 127.0.0.1
>> zone example.com
>> update add test1.example.com 86400 IN A 10.10.156.38
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com
>> send
>> 
>> ######################################################
>> nsupdate debug output
>> ######################################################
>> greg at hp-linux:/etc/bind/master$ nsupdate -D -v batch1.txt
>> setup_system()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>> 
>> ;; UPDATE SECTION:
>> test.example.com. 86400 IN A 10.10.156.37
>> 
>> update_completed()
>> show_message()
>> 
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>> 
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>> 
>> ;; UPDATE SECTION:
>> 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
>> 
>> update_completed()
>> show_message()
>> 
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>> 
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>> 
>> ;; UPDATE SECTION:
>> test1.example.com. 86400 IN A 10.10.156.38
>> 
>> update_completed()
>> show_message()
>> 
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>> 
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>> 
>> ;; UPDATE SECTION:
>> 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
>> 
>> update_completed()
>> show_message()
>> 
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>> 
>> done_update()
>> reset_system()
>> user_interaction()
>> cleanup()
>> Shutting down task manager
>> shutdown_program()
>> Shutting down request manager
>> Destroy DST lib
>> Destroying request manager
>> Freeing the dispatchers
>> Shutting down dispatch manager
>> Destroying event
>> Shutting down socket manager
>> Shutting down timer manager
>> Removing log context
>> Destroying memory context
>> greg at hp-linux:/etc/bind/master$ systemctl restart named.service
>> 
>> ######################################################
>> Forward zone file after the nsupdate
>> ######################################################
>> greg at hp-linux:/etc/bind/master$ cat example.com.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> example.com IN SOA ns1.example.com. admin\.example.com. (
>>                 2          ; serial
>>                 900        ; refresh (15 minutes)
>>                 600        ; retry (10 minutes)
>>                 1209600    ; expire (2 weeks)
>>                 3600       ; minimum (1 hour)
>>                 )
>>         NS ns1.example.com.
>> $ORIGIN example.com.
>> ns1 A 192.168.0.15
>> $TTL 86400 ; 1 day
>> test A 10.10.156.37
>> test1 A 10.10.156.38
>> 
>> ########################################################
>> Reverse zone file after the update
>> ########################################################
>> greg at hp-linux:/etc/bind/master$ cat 10.10.in-addr.arpa.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> 10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
>>                 2          ; serial
>>                 3600       ; refresh (1 hour)
>>                 600        ; retry (10 minutes)
>>                 1209600    ; expire (2 weeks)
>>                 3600       ; minimum (1 hour)
>>                 )
>>         NS ns1.example.com.
>> $ORIGIN 156.10.10.in-addr.arpa.
>> $TTL 86400 ; 1 day
>> 37 PTR test.example.com.
>> 38 PTR test1.example.com.
>> 
>> If any additional info is required please let me know and I will send it asap.
>> 
>> Looking forward to your response.
>> 
>> Rgds,
>> Greg Donohoe.

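The $ORIGIN behaviour described in the reply above, as an added example that is not part of the original thread: this Python code expands relative owner names in a zone file modelled on the one posted, showing that records written under `$ORIGIN 156.10.10.in-addr.arpa.` still belong to the `10.10.in-addr.arpa.` zone. The sample zone text and the function names `absolute`, `expand` and `in_zone` are assumptions made for the example.

```python
import re

# Constructed sample modelled on the reverse zone file in the thread (relative
# style, leading whitespace restored, SOA mailbox simplified).
ZONE_TEXT = """\
$ORIGIN .
$TTL 3600 ; 1 hour
10.10.in-addr.arpa IN SOA ns1.example.com. hostmaster.example.com. (
        2 3600 600   ; serial, refresh, retry
        1209600 3600 ; expire, minimum
        )
    NS ns1.example.com.
$ORIGIN 156.10.10.in-addr.arpa.
$TTL 86400 ; 1 day
37 PTR test.example.com.
38 PTR test1.example.com.
"""

def absolute(name, origin):
    """Qualify a name against the current $ORIGIN (RFC 1035, section 5.1)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def expand(text):
    """Return (owner, ttl, rdata-text) tuples with fully qualified owners."""
    origin, ttl, owner, records = ".", None, None, []
    # Assumes no quoted strings: strip ';' comments, then fold '( ... )' groups.
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = absolute(fields[1], origin)
        elif fields[0] == "$TTL":
            ttl = int(fields[1])
        else:
            if not line[0].isspace():  # owner names start in column 0
                owner = absolute(fields.pop(0), origin)
            records.append((owner, ttl, " ".join(fields)))
    return records

def in_zone(owner, zone):
    """True if owner is the zone apex or a name below it."""
    return owner == zone or owner.endswith("." + zone)
```

Calling `expand(ZONE_TEXT)` yields the same fully qualified owner names that were sent in the nsupdate UPDATE sections, whichever `$ORIGIN` lines the file happens to contain.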