I really hate to be the "me too" guy, but I'd also love to see how that
works. We're currently using CVS to store the zones and checking
everything out/restarting named whenever there are any changes. This
isn't ideal, and your method seems to be much better/more efficient.

I like your ideas, and would love to subscribe to your newsletter.



-----Original Message-----
From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
Behalf Of Mike Diggins
Sent: Monday, September 29, 2008 9:41 AM
To: bind-users@isc.org
Cc: David Forrest
Subject: Re: Question regarding dynamic updates

Thanks for the reply. So instead of creating the zone from scratch and
HUP'ing named, apply the static entries (from the database) using
nsupdate (or similar)? I wouldn't mind having a look at your script if
you don't mind.

Assuming a database of 30,000 hosts with various DNS records (PTR,
etc) for each, how long would it take to nsupdate that?


On Sun, 28 Sep 2008, Chris Thompson wrote:

> On Sep 28 2008, David Forrest wrote:
>> On Sun, 28 Sep 2008, Mike Diggins wrote:
>>> My DNS environment (BIND) consists of a Master Name Server which is
>>> updated via a Database. A web page allows for changes, which updates
>>> the database, and periodically the database is dumped out to zone
>>> files for named, which are read and propagated to my slaves via
>>> regular zone transfers.
>>> My question is about transitioning to Dynamic updates, which I am
>>> not yet allowing. We have a number of zones, all updated through the
>>> Web interface I describe above. What happens if I want a client to
>>> be able to update one of those zones dynamically, while still
>>> updating all the static entries in the same zone, via the
>>> Web/Database and zone transfers? Is that even possible to update a
>>> zone this way, and allow dynamic updates? I can't seem to wrap my
>>> head around that. Can someone straighten me out?
>>> -Mike

>> Investigate the rndc freeze and thaw commands. I dynamically update
>> my internal zones this way as it rolls the dynamic .jnl files into
>> the zones and deletes the .jnls. Although I have seen on this list that
>> the serial numbers are updated, I haven't seen that. But it looks
>> like your database dumping script would update them anyway so that
>> would seem correct.
>> I see this as a possibility:
>> rndc freeze
>> update database
>> rndc thaw

> I would rather advise you to make your own updates via DNS update
> operations. I can offer you a Perl script that compares two
> normalised-by-"named-checkzone -D" zone files and generates input to
> nsupdate(1) that will turn one into the other. This is primarily
> intended for use when the whole zone contents are derived from the
> database, but you may be able to tweak it for use when some of the
> zone is under foreign control.
> --
> Chris Thompson
> Email: cet1@cam.ac.uk


Mike Diggins Voice: 905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks FAX: 905.528.3773
University Technology Services E-Mail: diggins@mcmaster.ca
McMaster University, Hamilton, Ontario

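The zone comparison Chris Thompson describes above, sketched in Python as an added example; it is not his Perl script, which does not appear in this thread. The zone `example.test.`, its records, the function names and the batch size are all constructed for illustration, and SOA records are skipped on the assumption that named maintains the serial itself when it applies dynamic updates.

```python
# Added illustration: diff two `named-checkzone -D` dumps into nsupdate(1) input.
# Zone data, function names and the batch size are constructed for this example.

OLD_ZONE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2008092801 7200 3600 604800 3600
example.test. 3600 IN NS ns1.example.test.
ns1.example.test. 3600 IN A 192.0.2.1
www.example.test. 3600 IN A 192.0.2.10
old.example.test. 3600 IN A 192.0.2.20
"""
NEW_ZONE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2008092901 7200 3600 604800 3600
example.test. 3600 IN NS ns1.example.test.
ns1.example.test. 3600 IN A 192.0.2.1
www.example.test. 300 IN A 192.0.2.10
new.example.test. 3600 IN TXT "hello world"
"""


def parse_zone(text):
    """Map (owner, class, type, rdata) -> TTL; -D output has one full RR per line."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, rrclass, rrtype, rdata = line.split(None, 4)
        records[(owner.lower(), rrclass.upper(), rrtype.upper(), rdata)] = int(ttl)
    return records


def nsupdate_script(zone, old_text, new_text, batch=500):
    """Return nsupdate input that turns old_text into new_text (empty if equal)."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    # A record whose TTL changed is deleted and re-added; SOA is left to named.
    deletes = sorted(k for k in old if k[2] != "SOA" and new.get(k) != old[k])
    adds = sorted(k for k in new if k[2] != "SOA" and old.get(k) != new[k])
    # Deletes go first so a name can change type (for example A -> CNAME).
    ops = [f"update delete {o} {c} {t} {r}" for o, c, t, r in deletes]
    ops += [f"update add {o} {new[(o, c, t, r)]} {c} {t} {r}" for o, c, t, r in adds]
    lines = []
    for i in range(0, len(ops), batch):  # each "send" is one update message
        lines += [f"zone {zone}"] + ops[i:i + batch] + ["send"]
    return "\n".join(lines) + ("\n" if lines else "")


if __name__ == "__main__":
    print(nsupdate_script("example.test.", OLD_ZONE, NEW_ZONE), end="")
```

Only the records that differ are sent, so the cost tracks the size of the change rather than the size of the zone. The output is meant to be fed to nsupdate authenticated with a TSIG key (`nsupdate -k keyfile`), with the zone's update policy restricted to that key.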