Freezing a Zone vs. Stopping the DNS Server

Timothe Litt litt at acm.org
Wed Sep 29 12:10:40 UTC 2021


Why make manual changes to the zone file?  The zone is already
dynamically updated, so the usual reasons (formatting, structure,
in-line signing) don't apply.

Use nsupdate to add your entries.  Named will update the zone, handle
updating the serial number - and even do some validation on the records.
It's easier, doesn't stop service, and because it automates the
mechanics, safer.

BTW: I recommend using TSIG for authorization with nsupdate rather than
IP addresses.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 29-Sep-21 07:41, Frank Kyosho Fallon wrote:
> Hi,
>
> Occasionally I need to add hosts manually to forward/reverse lookup
> zones in BIND 9.16. We also have ISC DHCP. Both are on a Mac Mini
> using MacPorts to install.
>
> Since dynamic updates are continually in progress, I understand I need
> to use *rndc freeze zone* and *rndc thaw zone* before and after
> making changes (including manually incrementing the sequence number). 
>
> Can I safely accomplish the same thing by issuing an *rndc stop*
> command? Would that allow me to make zone changes followed by an *rndc
> reload* command?
>
> Also, is it safe to simply reboot the server after OS updates, or is
> it necessary to manually stop the DNS server first?
>
> Does it matter where in the dynamically updated zone files I insert
> the new host A record and PTR record?
>
> With /etc/hosts I can add hosts on different subnets. To do that in
> DNS, do I first need to add a reverse zone for the additional subnet
> so that I can add PTR records to correspond to A records in the
> forward zone?
>
> Thanks for any light you can shed on this subject.
> -- 
> Frank Kyosho Fallon
> My pronouns are: He, Him
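The nsupdate-with-TSIG approach recommended in the reply, as an added example that is not part of the original thread: a POSIX shell helper that builds the nsupdate batch for a matching A and PTR record, to be piped into `nsupdate -k`. The host name, addresses, TTL, the `DNS_SERVER` variable and the key file path are constructed placeholders, and the example assumes named is authoritative for both the forward zone and a reverse zone covering the address, with updates permitted for the TSIG key.

```shell
#!/bin/sh
# Added example, not code from the thread. All names, addresses and paths
# below are constructed placeholders.

# Convert a dotted-quad IPv4 address to its in-addr.arpa owner name.
# The body runs in a subshell so the IFS change does not leak to the caller.
reverse_name() (
    # Reject anything that is not digits and single dots between octets.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
)

# Print an nsupdate batch adding an A record and the matching PTR record.
# usage: build_update <fqdn> <ipv4> [ttl]
# The two records live in different zones, so each gets its own "send";
# with no "zone" statement nsupdate locates the enclosing zone itself.
build_update() {
    host=${1%.}.
    ttl=${3:-3600}
    ptr=$(reverse_name "$2") || return 1
    cat <<EOF
server ${DNS_SERVER:-127.0.0.1}
update add $host $ttl A $2
send
update add $ptr $ttl PTR $host
send
EOF
}

# When run with arguments, print the batch. Pipe it to nsupdate with the
# TSIG key file so named authorizes the update by key, not by source IP:
#   sh add-host.sh newhost.example.com 192.0.2.25 | nsupdate -k /path/to/ddns.key
if [ $# -ge 2 ]; then
    build_update "$@"
fi
```

named increments the SOA serial itself when it applies the update, so no freeze, thaw or manual serial edit is involved.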
