I have zones in my BIND server that are updated dynamically by some Windows DHCP servers, quite frequently. However, I need to add records "manually" in these zones. Can I still manually update these zones by simply editing them (using vi on my BIND server like I do for the others not supporting updates), adding the record, updating the serial and reloading the thing (`rndc reload`)? What happens if, during my serial update, an update is done at the same time by any dynamic system (DHCP in my case)? Thanks.

olivierg
  • See [this answer](https://serverfault.com/a/1015327/63361) which shows the config for using the simple `nsupdate -l` to update dynamic zones on the same host. – mivk May 02 '20 at 16:53

1 Answer

After reading some DNS documentation (DNS and BIND from O'Reilly), I saw that we could technically do it but it would be dangerous, and I had to use nsupdate instead. Will try this program!

olivierg
  • That is correct: if your zone is dynamic, you should not write directly to files blindly anymore, and you can continue doing updates manually with any tool sending DNS UPDATE packets like `nsupdate` or another one. The other option is 1) `rndc freeze` 2) then edit the file 3) `rndc thaw` to allow dynamic updates again. – Patrick Mevzek Nov 10 '19 at 19:37
  • Thanks Patrick, what happens if dynamic updates arrive in the meantime though? Are they queued somehow? – olivierg Nov 10 '19 at 20:43
  • Please look at the documentation at https://downloads.isc.org/isc/bind9/9.15.5/doc/arm/Bv9ARM.ch04.html#dynamic_update : "The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent dynamic changes [..] If you have to make changes to a dynamic zone manually, the following procedure will work: Disable dynamic updates to the zone using rndc freeze zone. This will update the zone's master file with the changes stored in its .jnl file. Edit the zone file. Run rndc thaw zone to reload the changed zone and re-enable dynamic updates." – Patrick Mevzek Nov 11 '19 at 01:09
  • @olivierg While frozen, any updates would be refused. It's better to stick to sending dynamic updates (whether using `nsupdate` or other tooling). – Håkan Lindqvist Nov 13 '19 at 18:48
  • Thank you guys for your comments. It makes sense. – olivierg Nov 14 '19 at 20:33
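
The freeze / edit / thaw procedure from the comments above, wrapped so the zone is always thawed again and a broken edit never reaches the live file. This is an added example, not code from the original posts or from BIND; the function names `edit_frozen_zone` and `append_line`, the `RNDC`/`CHECKZONE` override variables, and the `named-checkzone` validation step are assumptions added here.

```shell
#!/bin/sh
# Added example: manual edit of a dynamic zone via freeze / edit / thaw.
# RNDC and CHECKZONE can be overridden, e.g. to dry-run the flow with stubs.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# edit_frozen_zone ZONE ZONEFILE EDIT_CMD [ARGS...]
# EDIT_CMD is invoked with the path of a working copy as its last argument.
edit_frozen_zone() {
    zone=$1 file=$2
    shift 2
    # freeze writes the .jnl changes into the zone file; updates are refused from here on
    "$RNDC" freeze "$zone" || return 1
    tmp=$(mktemp "${TMPDIR:-/tmp}/zone.XXXXXX") || { "$RNDC" thaw "$zone"; return 1; }
    rc=0
    # edit a copy, validate it, and only then overwrite the real zone file
    cp "$file" "$tmp" &&
        "$@" "$tmp" &&
        "$CHECKZONE" "$zone" "$tmp" >/dev/null &&
        cp "$tmp" "$file" || rc=1
    rm -f "$tmp"
    # always thaw, even if the edit or the check failed, so dynamic updates resume
    "$RNDC" thaw "$zone" || rc=1
    return "$rc"
}

# Hypothetical edit command: append one record line to the working copy.
# A real edit should also bump the SOA serial so secondaries pick up the change.
append_line() { printf '%s\n' "$1" >> "$2"; }

# Usage (zone name, path and record are constructed sample values):
# edit_frozen_zone example.com /var/named/example.com.zone \
#     append_line 'host1 300 IN A 192.0.2.10'
```

Because updates are refused while the zone is frozen, keep the edit command short and non-interactive; for routine changes `nsupdate` avoids the freeze window entirely.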