Dynamically add zones
Dan Durrer
dan at vitalwerks.com
Thu Jul 29 23:19:08 UTC 2010
Alan,
I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages).
I see it send notifies for the new zone in my log.
29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)
I also added the global option new-zone-file "my_new_zones.dat" and I see that file being populated with the new zone statements I've added via rndc.
The server however responds with a REFUSED for this zone or any others done via addzone.
If I take the zone option statements in my_new_zones.dat and apply them to named.conf and reconfig, it resolves just fine. Anyone else experiencing this?
Can't wait for this feature to become finalized :)
Dan Durrer
No-IP.com
On Jul 28, 2010, at 8:08 PM, Alan Clegg wrote:
> On 7/28/2010 10:41 PM, Mike Flathers wrote:
>
>> Is there a patch for bind 9 to add new zones dynamically without
>> having to run rndc reconfig? The server stops answering queries when
>> reconfig is loading in the new config as the config grows this timeout
>> increases. I haven't hit the source code yet, but something like rndc
>> addzone zonename [config options | clone zone] would be nice :)
>
> Look for it in BIND 9.7.2
>
> Here's what I have that creates zones, makes them dynamic and signs them
> with no human interference (producing the DS record for the parent):
>
> ==SNIP==
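> #!/bin/bash
> # The zone name is passed as the first argument
> cd /etc/namedb
> # Start the new zone from the template zone file
> cp template "master/${1}"
>
> # Add the zone to the running server; \; and \" keep the shell from
> # interpreting the semicolons and quotes in the zone configuration
> rndc addzone "${1}" { type master\; \
>     file \"master/${1}\"\; \
>     update-policy local\; \
>     auto-dnssec maintain\; \
>     }\;
>
> # Generate the KSK and write its DS record for the parent
> dnssec-keygen -f KSK -K /etc/namedb/keys "${1}"
> dnssec-dsfromkey -2 /etc/namedb/keys/K"${1}".*.key > "ds/${1}"
>
> # Generate the ZSK
> dnssec-keygen -K /etc/namedb/keys "${1}"
>
> # Sign the zone
> rndc sign "${1}"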
> ==SNIP==
>
> Yes, no error checking, etc, but it works well as a proof-of-concept...
>
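The proof-of-concept quoted above places its argument directly into a file path and into the `rndc addzone` statement. The following is an added example, not part of the original thread: a check that could run before those steps. The function names `valid_zone_name` and `zone_config` are hypothetical, and the zone options are the ones from the quoted script.

```shell
#!/bin/bash
# Added example: validate a zone name before it is used in a file path
# and in an "rndc addzone" statement. Function names are hypothetical.

# Return 0 if $1 is a plain hostname-style zone name, 1 otherwise.
valid_zone_name() {
    local name="$1" label
    local LC_ALL=C
    # Non-empty and within the 253-character limit for a DNS name
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case "$name" in
        # Anything other than letters, digits, hyphens and dots is
        # rejected: this excludes / ; " { } and whitespace
        *[!A-Za-z0-9.-]*) return 1 ;;
        # Empty labels (leading, trailing or doubled dots)
        .*|*.|*..*) return 1 ;;
    esac
    local IFS=.
    for label in $name; do
        # Each label is at most 63 characters and has no edge hyphen
        [ "${#label}" -le 63 ] || return 1
        case "$label" in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# Print the zone configuration as one string, so it can be passed to
# rndc as a single quoted argument instead of backslash-escaped words.
zone_config() {
    valid_zone_name "$1" || return 1
    printf '{ type master; file "master/%s"; update-policy local; auto-dnssec maintain; };' "$1"
}

# Intended use (not run here; needs a running named with rndc access):
#   cfg=$(zone_config "$1") || { echo "invalid zone name: $1" >&2; exit 1; }
#   rndc addzone "$1" "$cfg"
```

The check rejects a trailing dot because the quoted script builds the key file glob as `K${1}.*.key`, which expects the name without one.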