search for: zonefile

...uch better readability and maintainability. Please let me know if you are interested. Jan .Dd December 31, 2022 .Dt NSD-CHECKZONE 8 .Os .Sh NAME .Nm nsd-checkzone .Nd check NSD zone file syntax .Sh SYNOPSIS .Nm .Op Fl hp .Op Fl i Ar oldfile .Op Fl n Ar number .Op Fl s Ar size .Ar zonename .Ar zonefile .Sh DESCRIPTION .Nm reads a DNS zone file and checks it for errors. It prints errors to stderr. On failure it exits with nonzero exit status. This is used to check files before feeding them to the .Xr nsd 8 daemon. The .Ar zonename is the zone to check, the .Ar zonefile is the file to read. .Pp The...

...SERVER SIDE CONFIGURATION ------------------------- 1. install rsync and add something like the following to /etc/inetd.conf to run it as a daemon: rsync stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsync --daemon 2. edit /etc/rsyncd.conf like so: ---cut here--- syslog facility = daemon [zonefile] comment = zonefiles for rsync transfer path = /var/cache/bind/rsync read only = yes # see rsyncd.conf(5) for details on hosts allow specification hosts allow = a.a.a.a b.b.b.b c.c.c.c ...etc... ---cut here--- /var/cache/bind/rsync is the directory containing the rsyncable zone file(s)...

...R="/etc/named/KSK" ZSKDIR="/etc/named/ZSK" ZONEDIR="/var/named/chroot/var/named" LOG="/var/named/chroot/var/log/dnssec_resign.log" MAILREC="monitor at xx" #delete old signed files rm -rf $ZONEDIR/*.signed #delete the old log rm -rf $LOG #read the zonefiles ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') for FILES in $ZONEFILES; do #remove the .zone at the end ZONE=$(echo "${FILES%.*}") #remove the old signed zone rm -rf $ZONEDIR/$ZONE.signed #Sign the zone cd $ZONEDIR dnssec-sign...

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

...d create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org". warning: slave zone lfarkas.org with no zonefile 'lfarkas.org'(No such file or directory) will force zone transfer. zonec: processed 0 RRs in "lfarkas.org". ----------------------------------------- but the slave file is never written. so i assume the zone date is written into nsd.db, but from nsd.conf zonefile: "This attr...

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$...

...log-time-ascii: yes round-robin: yes verbosity: 0 ip-address: "127.0.0.53" rrl-size: 1000000 rrl-ratelimit: 200 rrl-slip: 2 rrl-ipv4-prefix-length: 24 rrl-ipv6-prefix-length: 64 rrl-whitelist-ratelimit: 2000 zonefiles-check: yes zonefiles-write: 3600 remote-control: control-enable: yes control-port: 8952 server-key-file: "/etc/nsd/nsd_server.key" server-cert-file: "/etc/nsd/nsd_server.pem" control-key-file: "/etc/nsd/nsd_control.key"...

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After reconfig nsd-control zonestatus still shows that the zone is still master: zone: 10.in-addr...

...16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to come from 172.16/16 subnet. To do this, I use allow-notify in the slave config file: zone: name: "black" zonefile: "/var/nsd/zones/black.zone" allow-notify: 172.16.0.0/24 NOKEY Then I receive error message from nsd-checkconf: /etc/nsd-dns-slave.conf: zone black has allow-notify but no request-xfr items. Where can it get a zone transfer when a notify is received? /etc/nsd-dns-slave.conf: 1 s...

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$...

...sename(copyinstr(self- >file)),arg1); */ } syscall::write:entry /arg0==self->hostsfd/ { /* trace("Write hosts"); */ self->hostswritten=1; } syscall::close:entry /arg0==self->hostsfd && self->hostswritten==1/ { system("/usr/local/bin/regen-zonefiles"); self->hostsfd=-1 ; } Is there an easier/better way to do this, I think this script fails to detect a failed write, what is the best way to do that... Paul

BIND has a handy feature $GENERATE directive in zone files that allows you to handle large ranges of things like PTR/A records without having to actually create long lists in very large zonefiles. This was handy for things like IPv4/v6 PTR's and matching A/AAAA records for large dynamic hosts, etc. Does NSD support any type of range generation such at this? -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/

What is the right way to add PTR records to zonefile? I have the following config. Is it syntactically correct? humaaraartha.in.? ? ? ?A? ? ? ? ?182.59.136.243 243.136.59.182.in-addr.arpa.? ? ? PTR? ? ? ?humaaraartha.in.? When I dig the latter @localhost, I'm unable to get humaaraartha.in.? Thanking you Sagar Acharya https://humaaraartha.in P....

...ebian). > > By default, NSD doesn't write out zone files on the secondary. It > stores > all the data in nsd.db, as you've observed. > > You can make NSD write out zone files, by setting the option > "zonesfile-write" to a number above 0, and setting "zonefile" to > something like "<zonename>.zone" for each secondary zone. NSD will > then > write out changed zones to plain text files. This is in *addition* to > saving the zone data in nsd.db. > > Alternatively, you can disable the database altogether by setting...

...abase will always be created, or NEVER be created? I always wondered why I had both the .db and the zone files. After reading this first response, I was thinking I could cancel the zone files from being produced. But now, reading your reply, it appears that the nsd.db is being deprecated, and the zonefiles will be the only option. Is this correct? Cheers, Jamie

Hi NSD developers, I have been experimenting with the "store-ixfr" feature in NSD. I have a configuration with: server: zonefiles-write: 0 pattern: store-ixfr: yes With this configuration, NSD transfers zones from a primary, and keeps them in RAM. When the zones are updated, it receives and stores the IXFR in RAM too. I can query NSD with the IXFR qtype, and it replies with the appropriate difference records. Neither...

Per RFC 8501 seciont 2.2 https://datatracker.ietf.org/doc/html/rfc8501 I have attempted to use a wildcard on a /64 boundary within a zonefile for NSD, but it doesn't not appear to work. PTR lookups fail... tested with, ie: $ORIGIN 1.1.0.0.8.5.1.b.2.2.5.2.ip6.arpa. * PTR my.fqdn.net. Did not work... or would you have to use? (not tested) *.*.*.*.*.*.*.*.*.*.*.* PTR .... -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net P...

A group which my school is part of wants to start using DNS SRV records to allow "email-style" dialing amongst members of the group. I have gotten the records in our zonefiles, and things work pretty much just fine. However, since the DNS server can only specify a host and port, there doesn't seem to be any way to authenticate the user coming in. Is that the case? Is there a fix? Thanks in advance for anyone who might be able to shed some light. I've bee...

...b/nsd/nsd.db (I'm > using debian). By default, NSD doesn't write out zone files on the secondary. It stores all the data in nsd.db, as you've observed. You can make NSD write out zone files, by setting the option "zonesfile-write" to a number above 0, and setting "zonefile" to something like "<zonename>.zone" for each secondary zone. NSD will then write out changed zones to plain text files. This is in *addition* to saving the zone data in nsd.db. Alternatively, you can disable the database altogether by setting "database" to the e...

...ion: yes key: name: "tsig.upu.sha256.plain" algorithm: hmac-sha256 secret: "xxx" key: name: "tsig.upu.sha256.signed" algorithm: hmac-sha256 secret: "xxx" pattern: name: "from-master" zonefile: "%s" request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.plain allow-notify: 192.168.7.4 tsig.upu.sha256.plain pattern: name: "from-signer" zonefile: "%s" request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.signed allow-notify: 192...