9

I'm working on CentOS 6.5 and BIND 9 and I have managed to add records to a DNS zone by doing these steps:

creating the key:

 dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.

editing conf. file:

// TSIG Key
key "example.com." {
     algorithm hmac-md5;
     secret "THE KEY GENERATED ABOVE";
};
zone "example.com" IN {
     type master;
     file "example.com.zone";
     allow-update{ key "example.com."; };
};

giving the named user permissions on the /var/named folder:

# chown -R named:named /var/named
# find . -type d -exec chmod 770 {} \;
# find . -type f -exec chmod 660 {} \;

I have been adding records using this script:

#!/bin/bash
#Defining Variables
DNS_SERVER="localhost"
DNS_ZONE="example.com."
USER_NAME="dd2.example.com."
IP="192.168.1.7"
TTL="60"
RECORD=" $USER_NAME $TTL A $IP"
echo "
server $DNS_SERVER
zone $DNS_ZONE
debug
update add $RECORD
show
send" | nsupdate -k Kexample.com.+157+55566.key

It didn't return any error.

I tested whether the record was added by using the dig command:

#dig +short dd2.example.com.
192.168.1.7

But the problem is that the added record doesn't appear in the zone file 'example.com.zone'.

Even when I use reload (`rndc reload MYZONE` or `rndc reload`) it returns an error message like this:

[root@dd Shells]# rndc reload example.com.
rndc: 'reload' failed: dynamic zone

But when I restart the named service (`service named restart`), the record appears in the zone file.

My question is:

Is there a way for the record to be added to the zone file without restarting the named service?

Braiam
Nidal
  • Even though `service named reload` worked, is it considered a good solution for performance? Because `service named restart` is absolutely not. @Christopher – Nidal May 29 '14 at 20:39
  • Thanks, but do you have any idea why `rndc reload zone` didn't work? – Nidal May 29 '14 at 20:48
  • `service named reload` didn't work either @Christopher – Nidal May 31 '14 at 10:30

2 Answers

8

I have found the answer:

My problem was that BIND can't `rndc reload` a dynamic zone, so BIND won't allow us to reload it. So we have to tell BIND to temporarily stop allowing dynamic updates. This is handled with the freeze option.

rndc freeze example.com

then reloading

rndc reload example.com

then allowing dynamic updates again:

rndc thaw example.com
Nidal
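As an added example (not code from the question or from either answer), here is the question's nsupdate script and the accepted answer's freeze/reload/thaw sequence combined into one script. Background on why the restart "worked": BIND appends dynamic updates to a `.jnl` journal next to the zone file and rewrites the zone file itself only periodically or on freeze/shutdown, which is why the record answered `dig` immediately but only showed up in `example.com.zone` after a restart. The script assumes the key file name from the question (`Kexample.com.+157+55566.key`) and that `rndc` and `nsupdate` are on `PATH`; `RNDC` and `NSUPDATE` are overridable so the control flow can be exercised without a live BIND.

```shell
#!/bin/bash
# Added example, not code from the original post. Assumes the TSIG key file
# named in the question, that nsupdate and rndc are on PATH, and that the
# caller may run rndc. RNDC and NSUPDATE can be overridden (e.g. with stub
# functions) so the logic can be exercised without a running BIND.

RNDC="${RNDC:-rndc}"
NSUPDATE="${NSUPDATE:-nsupdate}"
KEYFILE="${KEYFILE:-Kexample.com.+157+55566.key}"
DNS_SERVER="${DNS_SERVER:-localhost}"

# build_update ZONE TTL NAME IP [NAME IP ...]
# Prints the nsupdate batch that adds one A record per NAME/IP pair to ZONE.
# Names are made fully qualified (trailing dot) so nsupdate cannot append a
# default origin and silently create "dd2.example.com.example.com".
build_update() {
    local zone="$1" ttl="$2" name ip
    shift 2
    printf 'server %s\nzone %s\n' "$DNS_SERVER" "$zone"
    while [ "$#" -ge 2 ]; do
        name="$1"; ip="$2"; shift 2
        case "$name" in *.) ;; *) name="$name." ;; esac
        printf 'update add %s %s A %s\n' "$name" "$ttl" "$ip"
    done
    printf 'send\n'
}

# add_records ZONE TTL NAME IP [...]: sign the batch with the TSIG key and
# send it in one transaction. nsupdate exits non-zero if the server refuses
# the update (wrong key, zone frozen, no allow-update clause).
add_records() {
    build_update "$@" | "$NSUPDATE" -k "$KEYFILE"
}

# sync_zone_file ZONE: make updates that so far live only in the journal
# visible in the zone file, without restarting named.
#   freeze  - flush the journal into the zone file and refuse new updates
#   reload  - the step from the accepted answer; only allowed while frozen
#   thaw    - accept dynamic updates again
# thaw runs even when reload fails: a zone left frozen rejects every later
# nsupdate, which is a worse outcome than one failed reload.
sync_zone_file() {
    local zone="$1" rc=0
    "$RNDC" freeze "$zone" || return 1
    "$RNDC" reload "$zone" || rc=1
    "$RNDC" thaw "$zone"   || rc=1
    return "$rc"
}

# Run directly as: ./dyn_add.sh example.com. 60 dd2.example.com 192.168.1.7
if [ "$#" -ge 4 ]; then
    add_records "$@" && sync_zone_file "${1%.}"
fi
```

Two caveats a practitioner will want: while the zone is frozen every nsupdate against it is refused, so batch records into one nsupdate session and sync once rather than after each record, and never exit between `freeze` and `thaw` on an error, which is why `sync_zone_file` thaws unconditionally. `rndc thaw` itself reloads the zone from disk, so the explicit `rndc reload` here mirrors the accepted answer rather than being strictly required. BIND 9.9 and later also provide `rndc sync <zone>`, which flushes the journal into the zone file without refusing updates; the BIND 9.8 shipped with CentOS 6 does not have it, so freeze/thaw is the route there.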
1

Have you tried:

 rndc reconfig

This should do the trick.

But be aware that this command adds (removes) new (old) zones; it cannot modify existing ones.

Neven
  • I want to add records to the zone, not add a new zone @Neven – Nidal May 27 '14 at 11:08
  • Sorry I misunderstood. There is no other way than rndc reload. Have you tried with an SOA serial number change? – Neven May 27 '14 at 11:12
  • But why won't it work? @Neven – Nidal May 27 '14 at 11:12
  • Have you changed the serial number in the SOA? – Neven May 27 '14 at 11:13
  • No I haven't, but is it necessary every time I modify my zone, and if I do it, what would it do? – Nidal May 27 '14 at 11:15
  • The best answer is: It depends on your DNS topology, do you have more than one DNS, bla bla bla... But I've found that changing the SOA SN is a really good thing to do, because I've encountered similar problems in the past. So I always increment the serial number. This is my proposition to you also, and then try to reinitiate the zone reload. – Neven May 27 '14 at 11:22
  • I have learned that if I don't increment the SOA SN, BIND won't reload the zone contents. So, SN incrementation is essential. – Tero Kilkanen May 27 '14 at 12:08
  • @Neven, you should post the serial number increase as an answer. It **needs** to be incremented, that is how it works. – Jenny D May 31 '14 at 10:40
  • Changing the serial number is the way to tell "hey! the records have changed" and that info will be spread to other servers. Without changing it, you could locally force reloading of the file by shutting down and restarting BIND, but the changes won't be seen outside (as other servers/clients will rightfully use their cached data, assuming no changes have happened since the serial number is the same). – Pablo Saratxaga Jun 01 '14 at 10:10