search for: zonefiles

...ol 8 command write does. .It Fl i Ar oldfile Create an IXFR from the differences between the old zone file and the new zone file. The .Ar oldfile argument to the .Fl i option is the old zonefile, the .Ar zonefile argument passed to .Nm is the new zonefile. The difference is computed between the two zonefiles by keeping one version of the zone in memory, and another version in a temporary file. The temporary file is located in the zonefile directory. This is also where the result is written in a file with the zonefile name, ending with .Sq .ixfr . This is also where NSD reads it when IXFRs are configure...

...URATION ------------------------- 1. install rsync and add something like the following to /etc/inetd.conf to run it as a daemon: rsync stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsync --daemon 2. edit /etc/rsyncd.conf like so: ---cut here--- syslog facility = daemon [zonefile] comment = zonefiles for rsync transfer path = /var/cache/bind/rsync read only = yes # see rsyncd.conf(5) for details on hosts allow specification hosts allow = a.a.a.a b.b.b.b c.c.c.c ...etc... ---cut here--- /var/cache/bind/rsync is the directory containing the rsyncable zone file(s). this should be a ded...

...R="/etc/named/KSK" ZSKDIR="/etc/named/ZSK" ZONEDIR="/var/named/chroot/var/named" LOG="/var/named/chroot/var/log/dnssec_resign.log" MAILREC="monitor at xx" #delete old signed files rm -rf $ZONEDIR/*.signed #delete the old log rm -rf $LOG #read the zonefiles ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') for FILES in $ZONEFILES; do #remove the .zone at the end ZONE=$(echo "${FILES%.*}") #remove the old signed zone rm -rf $ZONEDIR/$ZONE.signed #Sign the zone cd $ZONEDIR dnssec-signz...

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$Z...

...log-time-ascii: yes round-robin: yes verbosity: 0 ip-address: "127.0.0.53" rrl-size: 1000000 rrl-ratelimit: 200 rrl-slip: 2 rrl-ipv4-prefix-length: 24 rrl-ipv6-prefix-length: 64 rrl-whitelist-ratelimit: 2000 zonefiles-check: yes zonefiles-write: 3600 remote-control: control-enable: yes control-port: 8952 server-key-file: "/etc/nsd/nsd_server.key" server-cert-file: "/etc/nsd/nsd_server.pem" control-key-file: "/etc/nsd/nsd_control.key"...

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$Z...

...sename(copyinstr(self- >file)),arg1); */ } syscall::write:entry /arg0==self->hostsfd/ { /* trace("Write hosts"); */ self->hostswritten=1; } syscall::close:entry /arg0==self->hostsfd && self->hostswritten==1/ { system("/usr/local/bin/regen-zonefiles"); self->hostsfd=-1 ; } Is there an easier/better way to do this, I think this script fails to detect a failed write, what is the best way to do that... Paul

BIND has a handy feature $GENERATE directive in zone files that allows you to handle large ranges of things like PTR/A records without having to actually create long lists in very large zonefiles. This was handy for things like IPv4/v6 PTR's and matching A/AAAA records for large dynamic hosts, etc. Does NSD support any type of range generation such at this? -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/

What is the right way to add PTR records to zonefile? I have the following config. Is it syntactically correct? humaaraartha.in.? ? ? ?A? ? ? ? ?182.59.136.243 243.136.59.182.in-addr.arpa.? ? ? PTR? ? ? ?humaaraartha.in.? When I dig the latter @localhost, I'm unable to get humaaraartha.in.? Thanking you Sagar Acharya https://humaaraartha.in P.S. Kindly cc me, I'm not subscribed to the

Hi Jean-Christophe, Anand's answer is entirely correct. Once 4.8.0 is released, zone files will be written once per hour by default. Best regards, Jeroen On Tue, 2023-12-05 at 10:48 +0100, Anand Buddhdev via nsd-users wrote: > On 04/12/2023 13:47, Jean-Christophe Boggio via nsd-users wrote: > > Hi Jean-Christophe, > > > When syncing between master and slaves, am I

...abase will always be created, or NEVER be created? I always wondered why I had both the .db and the zone files. After reading this first response, I was thinking I could cancel the zone files from being produced. But now, reading your reply, it appears that the nsd.db is being deprecated, and the zonefiles will be the only option. Is this correct? Cheers, Jamie

Hi NSD developers, I have been experimenting with the "store-ixfr" feature in NSD. I have a configuration with: server: zonefiles-write: 0 pattern: store-ixfr: yes With this configuration, NSD transfers zones from a primary, and keeps them in RAM. When the zones are updated, it receives and stores the IXFR in RAM too. I can query NSD with the IXFR qtype, and it replies with the appropriate difference records. Neither...

Per RFC 8501 seciont 2.2 https://datatracker.ietf.org/doc/html/rfc8501 I have attempted to use a wildcard on a /64 boundary within a zonefile for NSD, but it doesn't not appear to work. PTR lookups fail... tested with, ie: $ORIGIN 1.1.0.0.8.5.1.b.2.2.5.2.ip6.arpa. * PTR my.fqdn.net. Did not work... or would you have to use? (not tested) *.*.*.*.*.*.*.*.*.*.*.* PTR .... --

A group which my school is part of wants to start using DNS SRV records to allow "email-style" dialing amongst members of the group. I have gotten the records in our zonefiles, and things work pretty much just fine. However, since the DNS server can only specify a host and port, there doesn't seem to be any way to authenticate the user coming in. Is that the case? Is there a fix? Thanks in advance for anyone who might be able to shed some light. I've been...

On 04/12/2023 13:47, Jean-Christophe Boggio via nsd-users wrote: Hi Jean-Christophe, > When syncing between master and slaves, am I supposed to see new files > appear in the slave's "zonesdir" directory? Because, as you might > expect, I see nothing here. Is this behavior normal? From what I > understand, the slave "caches" the data in /var/lib/nsd/nsd.db

Hello, NSD 4.8.0 running on FreeBSD 13.2-RELEASE-p9 and serving both plain and DNSSEC signed zones. I noticed Permission denied errors in the logs for all domains listed in nsd.conf: [2024-01-12 12:20:05.710] nsd[8655]: info: writing zone domain-plain.org to file domain-plain.org [2024-01-12 12:20:05.710] nsd[8655]: error: cannot write zone domain-plain.org file domain-plain.org~: Permission