Displaying 20 results from an estimated 47 matches for "zonefil".
Did you mean:
zonefile
2022 Dec 31
1
rewrite manpages to mdoc(7)
...uch better readability and maintainability.
Please let me know if you are interested.
Jan
.Dd December 31, 2022
.Dt NSD-CHECKZONE 8
.Os
.Sh NAME
.Nm nsd-checkzone
.Nd check NSD zone file syntax
.Sh SYNOPSIS
.Nm
.Op Fl hp
.Op Fl i Ar oldfile
.Op Fl n Ar number
.Op Fl s Ar size
.Ar zonename
.Ar zonefile
.Sh DESCRIPTION
.Nm
reads a DNS zone file and checks it for errors.
It prints errors to stderr.
On failure it exits with nonzero exit status.
This is used to check files before feeding them to the
.Xr nsd 8
daemon.
The
.Ar zonename
is the zone to check,
the
.Ar zonefile
is the file to read.
.Pp
Th...
2001 Jul 27
0
(fwd) Re: rsync and named-xfer
...SERVER SIDE CONFIGURATION
-------------------------
1. install rsync and add something like the following to /etc/inetd.conf
to run it as a daemon:
rsync stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsync --daemon
2. edit /etc/rsyncd.conf like so:
---cut here---
syslog facility = daemon
[zonefile]
comment = zonefiles for rsync transfer
path = /var/cache/bind/rsync
read only = yes
# see rsyncd.conf(5) for details on hosts allow specification
hosts allow = a.a.a.a b.b.b.b c.c.c.c ...etc...
---cut here---
/var/cache/bind/rsync is the directory containing the rsyncable zone
file(s...
2017 Feb 01
4
Script not running correctly as cronjob
...R="/etc/named/KSK"
ZSKDIR="/etc/named/ZSK"
ZONEDIR="/var/named/chroot/var/named"
LOG="/var/named/chroot/var/log/dnssec_resign.log"
MAILREC="monitor at xx"
#delete old signed files
rm -rf $ZONEDIR/*.signed
#delete the old log
rm -rf $LOG
#read the zonefiles
ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
for FILES in $ZONEFILES; do
#remove the .zone at the end
ZONE=$(echo "${FILES%.*}")
#remove the old signed zone
rm -rf $ZONEDIR/$ZONE.signed
#Sign the zone
cd $ZONEDIR
dnssec-sig...
2006 Dec 10
5
which is the vaild a format?
hi,
after i test nsd i find the following. if i use this in a zone file:
$ORIGIN example.com.
CNAME www
www CNAME x
x A 1.2.3.4
then it's excepted by nsd what's more give the proper result. if the
slave is nsd than there is no problem, while if the slave is bind i've
got the following error:
2006 Dec 07
1
a few more notes
...d create
this file as root, ok i know just it'd be better if this file is owned
by nsd too).
another strange thing is that on the slave nsd i've got such messages:
-----------------------------------------
zonec: reading zone "lfarkas.org".
warning: slave zone lfarkas.org with no zonefile 'lfarkas.org'(No such
file or directory) will force zone transfer.
zonec: processed 0 RRs in "lfarkas.org".
-----------------------------------------
but the slave file is never written. so i assume the zone date is
written into nsd.db, but from nsd.conf zonefile: "This att...
2017 Feb 01
1
Script not running correctly as cronjob
...K"
> ZONEDIR="/var/named/chroot/var/named"
> LOG="/var/named/chroot/var/log/dnssec_resign.log"
> MAILREC="monitor at xx"
>
> #delete old signed files
> rm -rf $ZONEDIR/*.signed
>
> #delete the old log
> rm -rf $LOG
>
> #read the zonefiles
> ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
>
> for FILES in $ZONEFILES; do
> #remove the .zone at the end
> ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
> #remove the old signed zone
> rm -rf $ZONEDIR/...
2019 Dec 28
2
tinydns to nsd
...log-time-ascii: yes
round-robin: yes
verbosity: 0
ip-address: "127.0.0.53"
rrl-size: 1000000
rrl-ratelimit: 200
rrl-slip: 2
rrl-ipv4-prefix-length: 24
rrl-ipv6-prefix-length: 64
rrl-whitelist-ratelimit: 2000
zonefiles-check: yes
zonefiles-write: 3600
remote-control:
control-enable: yes
control-port: 8952
server-key-file: "/etc/nsd/nsd_server.key"
server-cert-file: "/etc/nsd/nsd_server.pem"
control-key-file: "/etc/nsd/nsd_control.key"...
2013 Oct 18
1
nsd-4.0.0b5(and rc2) and changing zone from master to slave ?
Hi,
I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found
something strange when changing (nsd-control reconfig) one
zone from:
zone:
name: 10.in-addr.arpa
zonefile: /zones/empty.zone
to
zone:
name: 10.in-addr.arpa
request-xfr: 192.168.122.12 NOKEY
allow-notify: 192.168.122.12 NOKEY
zonefile: /zones/slave/10.rev
and doing nsd-control reconfig.
After reconfig nsd-control zonestatus still shows that
the zone is still master:
zone: 10.in-add...
2012 Jul 18
1
allow-notify SUBNET and request-xfr inconsistency
...16.100.115. The config file is
in /etc/nsd-dns-slave.conf;
3. There may be also other Master servers im the given subnet.
Now I want to permit DNS NOTIFY messages to come from 172.16/16 subnet.
To do this, I use allow-notify in the slave config file:
zone:
name: "black"
zonefile: "/var/nsd/zones/black.zone"
allow-notify: 172.16.0.0/24 NOKEY
Then I receive error message from nsd-checkconf:
/etc/nsd-dns-slave.conf: zone black has allow-notify but no request-xfr items.
Where can it get a zone transfer when a notify is received?
/etc/nsd-dns-slave.conf: 1...
2017 Feb 01
0
Script not running correctly as cronjob
...K"
> ZONEDIR="/var/named/chroot/var/named"
> LOG="/var/named/chroot/var/log/dnssec_resign.log"
> MAILREC="monitor at xx"
>
> #delete old signed files
> rm -rf $ZONEDIR/*.signed
>
> #delete the old log
> rm -rf $LOG
>
> #read the zonefiles
> ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
>
> for FILES in $ZONEFILES; do
> #remove the .zone at the end
> ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
> #remove the old signed zone
> rm -rf $ZONEDIR/...
2006 Mar 24
3
Triggering on close of a written file.
...sename(copyinstr(self-
>file)),arg1); */
}
syscall::write:entry
/arg0==self->hostsfd/
{
/* trace("Write hosts"); */
self->hostswritten=1;
}
syscall::close:entry
/arg0==self->hostsfd && self->hostswritten==1/
{
system("/usr/local/bin/regen-zonefiles");
self->hostsfd=-1 ;
}
Is there an easier/better way to do this, I think this script fails
to detect a failed write, what is the best way to do that...
Paul
2023 Mar 20
1
NSD zone file GENERATE directive
BIND has a handy feature $GENERATE directive in zone files that allows
you to handle large ranges of things like PTR/A records without having
to actually create long lists in very large zonefiles.
This was handy for things like IPv4/v6 PTR's and matching A/AAAA records
for large dynamic hosts, etc.
Does NSD support any type of range generation such at this?
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://pgp.inoc.net/rblayzor/
2023 Sep 08
1
Adding PTR records
What is the right way to add PTR records to zonefile?
I have the following config. Is it syntactically correct?
humaaraartha.in.? ? ? ?A? ? ? ? ?182.59.136.243
243.136.59.182.in-addr.arpa.? ? ? PTR? ? ? ?humaaraartha.in.?
When I dig the latter @localhost, I'm unable to get humaaraartha.in.?
Thanking you
Sagar Acharya
https://humaaraartha.in
P...
2023 Dec 05
1
Question on slave
...ebian).
>
> By default, NSD doesn't write out zone files on the secondary. It
> stores
> all the data in nsd.db, as you've observed.
>
> You can make NSD write out zone files, by setting the option
> "zonesfile-write" to a number above 0, and setting "zonefile" to
> something like "<zonename>.zone" for each secondary zone. NSD will
> then
> write out changed zones to plain text files. This is in *addition* to
> saving the zone data in nsd.db.
>
> Alternatively, you can disable the database altogether by setting...
2023 Dec 07
2
Question on slave
...abase will always be created, or NEVER be created?
I always wondered why I had both the .db and the zone files. After
reading this first response, I was thinking I could cancel the zone
files from being produced.
But now, reading your reply, it appears that the nsd.db is being
deprecated, and the zonefiles will be the only option. Is this correct?
Cheers, Jamie
2023 Dec 11
1
Question about "store-ixfr"
Hi NSD developers,
I have been experimenting with the "store-ixfr" feature in NSD. I have a
configuration with:
server:
zonefiles-write: 0
pattern:
store-ixfr: yes
With this configuration, NSD transfers zones from a primary, and keeps
them in RAM. When the zones are updated, it receives and stores the IXFR
in RAM too. I can query NSD with the IXFR qtype, and it replies with the
appropriate difference records. Neithe...
2024 Mar 01
1
RFC8501 IPv6 Wildcard PTR
Per RFC 8501 seciont 2.2
https://datatracker.ietf.org/doc/html/rfc8501
I have attempted to use a wildcard on a /64 boundary within a zonefile
for NSD, but it doesn't not appear to work. PTR lookups fail...
tested with, ie:
$ORIGIN 1.1.0.0.8.5.1.b.2.2.5.2.ip6.arpa.
* PTR my.fqdn.net.
Did not work...
or would you have to use? (not tested)
*.*.*.*.*.*.*.*.*.*.*.* PTR ....
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net...
2005 Jul 14
1
Any way to authenticate SIP peers using SRV?
A group which my school is part of wants to start using DNS SRV records
to allow "email-style" dialing amongst members of the group.
I have gotten the records in our zonefiles, and things work pretty much
just fine.
However, since the DNS server can only specify a host and port, there
doesn't seem to be any way to authenticate the user coming in.
Is that the case? Is there a fix?
Thanks in advance for anyone who might be able to shed some light. I've
be...
2023 Dec 05
1
Question on slave
...b/nsd/nsd.db (I'm
> using debian).
By default, NSD doesn't write out zone files on the secondary. It stores
all the data in nsd.db, as you've observed.
You can make NSD write out zone files, by setting the option
"zonesfile-write" to a number above 0, and setting "zonefile" to
something like "<zonename>.zone" for each secondary zone. NSD will then
write out changed zones to plain text files. This is in *addition* to
saving the zone data in nsd.db.
Alternatively, you can disable the database altogether by setting
"database" to the...
2024 Jan 12
1
error: cannot write zone : Permission denied
...ion: yes
key:
name: "tsig.upu.sha256.plain"
algorithm: hmac-sha256
secret: "xxx"
key:
name: "tsig.upu.sha256.signed"
algorithm: hmac-sha256
secret: "xxx"
pattern:
name: "from-master"
zonefile: "%s"
request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.plain
allow-notify: 192.168.7.4 tsig.upu.sha256.plain
pattern:
name: "from-signer"
zonefile: "%s"
request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.signed
allow-notify: 19...