
I'm working with an online development server and I need to change the bind9 configuration quite frequently, but I can't see the changes from my working computer.

What I'm doing is something like this in my server:

```
root@myserver.com# vi /etc/bind/pri.myserver.com
(change some records, then update serial)
root@myserver.com# service bind9 reload
root@myserver.com# rndc reload
root@myserver.com# dig +nocmd myserver.com any +multiline +noall +answer
```

What I get is an old version of my bind configuration, with the old serial number.

I have even tried to add `@127.0.0.1` to the dig command without success.

What am I doing wrong? Why can't I see the new config with the new serial?

Ivan
  • By default `dig` queries the nameserver(s) from `/etc/resolv.conf`. There you probably do not point to your local bind instance (since you shouldn't mix recursive caching resolver and authoritative DNS roles) and you will see cached records from the resolvers that you do use (with a decreasing TTL) until they expire rather than immediately seeing your updates. – HBruijn Mar 15 '18 at 15:44
  • When you do query your local bind instance directly (with `dig soa example.com @127.0.0.1`) and you don't see your updated serial, it may be that there is a typo and bind refused to load the updated zone file. In that case there should be a message in your log files. You can validate the syntax of a zone file with `named-checkzone example.com /etc/bind/example.com.zone` – HBruijn Mar 15 '18 at 15:45
  • Great @HBruijn, it's a typo! I checked it with named-checkzone and I found it. Thanks! If you convert your comment into an answer I will be able to give you the credit. – Ivan Mar 15 '18 at 16:15
  • As an alternative way, if you change the content often and you fear syntax errors, do not touch your zonefile at all, enable your server to allow receiving DNS updates from localhost and only from localhost (important step for security) and then use the command `nsupdate` to just send the changes you need. It works for both addition and deletion of records. See for example: https://debian-administration.org/article/591/Using_the_dynamic_DNS_editor_nsupdate – Patrick Mevzek Mar 16 '18 at 23:52
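
The validate, reload and verify sequence from the comments above, written as an added shell example that is not part of the original thread. The function names, the one-second wait and the default server address are assumptions; the zone name and file path are passed in by the caller.

```shell
#!/bin/sh
# Added example: refuse to reload a zone that fails named-checkzone, then
# confirm the authoritative server actually serves the new serial.

# Read named-checkzone output ("zone X/IN: loaded serial N") and print N.
checkzone_serial() {
    sed -n 's/^zone .*: loaded serial \([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Read `dig +short soa` output and print the serial (third field).
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# Succeed only when both serials are present and equal.
serials_match() {
    if [ -z "$1" ] || [ -z "$2" ] || [ "$1" != "$2" ]; then
        echo "serial mismatch: file='$1' served='$2'" >&2
        return 1
    fi
}

# Usage: safe_reload ZONE ZONEFILE [SERVER]
safe_reload() {
    zone=$1 file=$2 server=${3:-127.0.0.1}

    # A zone file with a typo is rejected here, before bind ever sees it.
    out=$(named-checkzone "$zone" "$file") || {
        printf '%s\n' "$out" >&2
        return 1
    }
    want=$(printf '%s\n' "$out" | checkzone_serial)

    rndc reload "$zone" || return 1
    sleep 1   # assumption: crude wait, since rndc returns before loading ends

    # Query the authoritative server directly, bypassing /etc/resolv.conf
    # and any cached answers held by recursive resolvers.
    got=$(dig +short soa "$zone" "@$server" | soa_serial)
    serials_match "$want" "$got" && echo "$zone now serving serial $got"
}
```

A non-zero exit from `safe_reload` means either the zone file failed validation or the server is still answering with a different serial than the file contains.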
