nsupdate apparently not working for me. What am I overlooking / doing w
From
Brett Delmage@21:1/5 to
bind-users on Tue Jul 28 22:30:05 2020
nsupdate works according to updated contents of a dynamic zonefile
but dig does not report the added A record.
What am I doing stupidly here?
BIND version 1:9.16.5-1+ubuntu18.04.1
- both authoritative and local recursive
zone config:
zone "ottawatch.ca"
{
type master;
file "/var/lib/bind/master/ottawatch.ca";
allow-transfer { key "pannier-xfer"; };
notify yes;
update-policy { grant ddns-key.ottawatch.ca subdomain ottawatch.ca.; };
};
[do I have the correct update-policy syntax?]
(I also tried "update-policy local" with nsupdate -l, with same results.)
# nsupdate -D -k ddns-key.ottawatch.ca nsupdate.script
nsupdate.script:
server 127.0.0.1
zone ottawatch.ca.
update del ddns-update.ottawatch.ca. a
send
update add ddns-update.ottawatch.ca. 999 a 3.4.5.8
send
zone DB after update and "rndc sync" executed to incorporate .jnl:
$ORIGIN .
$TTL 900 ; 15 minutes
ottawatch.ca IN SOA cacloud.ottawatch.ca. hostmaster.ottawatch.ca. (
2020072808 ; serial
900 ; refresh (15 minutes)
180 ; retry (3 minutes)
2419200 ; expire (4 weeks)
900 ; minimum (15 minutes)
)
NS cacloud.ottawatch.ca.
NS pannier.ottawatch.ca.
A 206.248.172.47
MX 10 mail1.ottawajazzscene.ca.
TXT "v=spf1 a ip4:206.248.172.47 -all"
$ORIGIN ottawatch.ca.
cacloud A 23.111.69.176
AAAA 2607:7b00:7200:1::281a:5de2
$TTL 999 ; 16 minutes 39 seconds
ddns-update A 3.4.5.8 <--- nsupdate worked (it seems)
$TTL 900 ; 15 minutes
pannier A 206.248.172.47
AAAA 2607:f2c0:a000:1d1::73:1
# dig -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a ; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1862
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 195a1192604da78e010000005f20daf7193b36ec5545d879 (good)
;; QUESTION SECTION:
;cacloud.ottawatch.ca. IN A
;; ANSWER SECTION:
cacloud.ottawatch.ca. 900 IN A 23.111.69.176
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:07 EDT 2020
;; MSG SIZE rcvd: 93
BUT dig does not report the nsupdate-added a record (NXDOMAIN):
# dig -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a ; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49598
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6db0ccbd0085ecca010000005f20db0f7cdb769b038236f9 (good)
;; QUESTION SECTION:
;ddns-key.ottawatch.ca. IN A
;; AUTHORITY SECTION:
ottawatch.ca. 900 IN SOA cacloud.ottawatch.ca. hostmaster.ottawatch.ca. 2020072808 900 180 2419200 900
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:31 EDT 2020
;; MSG SIZE rcvd: 133
A record added to the dynamic zone file manually works:
dig -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8feed7fd82821e9a010000005f20dc3de1670c37be1dadbc (good)
;; QUESTION SECTION:
;bb.ottawatch.ca. IN A
;; ANSWER SECTION:
bb.ottawatch.ca. 900 IN A 3.4.5.9
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:17:33 EDT 2020
;; MSG SIZE rcvd: 88
END OF DETAILS
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)