Mailinglist Archive: opensuse (389 mails)

Re: [opensuse] Why are nsupdate changes not persistent?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Fri, 15 Mar 2019 11:43:33 +0100
  • Message-id: <q6fvkl$5e2$1@saturn.local.net>
Marc Chamberlin wrote:

I know/understand it is a bad sign if no one is replying to a query
like mine, probably means no one knows an answer or has any ideas...
But I was pointed back to OpenSuSE, so will report where I am and what
I have found out...

First of all I did track down a very nasty little issue that really
cost me a lot of time and grief!  The named.conf file that came
supplied from the distro, to be used as a starting example for
configuring bind, has a gotcha in it. There are two views defined
called internal and external (also a localhost.resolver). The quotes
that surround the "external" and "internal" parameters are the ISO
version of quotes &laquo; and &raquo;, not the ASCII version. Very
difficult to spot and I cannot really produce the ISO versions cuz my
keyboard doesn't have a key to produce them. Anywise, named.d is
perfectly happy to use either form of quotes, but tools like rndc
choke on the ISO version of quotes. rndc kept complaining that there
was no such view as internal or external even though my eyes were
telling me that there darn well were such views defined...

Interesting, I would not have imagined rndc to have a need to parse
those configs, and even if, to do it differently to named.

Another bit of wizardry I learned about rndc is if you want to use it
to show the contents of a zone - i.e.

#rndc showzone

It only works if you also have "allow-new-zones yes;" set in the
options clause of named.conf. Go figure! I can't find that bit of
magic documented anywhere and it would be nice to include a comment
and example in the options clause of the distro's supplied named.conf
file. Wanna know what choice words...?

It's been a few years since I've set up a new nameserver, but I can
easily imagine your choice of words ....

The folks over on the bind users forum have pointed me back here in
regards to the persistent problems that I reported, when using
nsupdate. Their thinking is that the systemctl stop and start (or
restart) process for named.d is not copying the data out of the named
journal files back into the config files. Any systemd gurus out there
want to help me track this down or should I simply submit a bug report
based on hearsay evidence?

It doesn't sound like something systemd should be fiddling with at all.
I use dynamic DNS from dhcp, bind is bind-9.10.4-P2. There are no
journal files, except when I manually update and I do a 'rndc freeze'.
TMK, named should be picking up and persisting any journals on a
restart.

I don't know if this issue with nsupdate persistence is what is
causing the failure I really want to solve, I am trying to validate
LetsEncrypt certificates using Bind to authenticate domain ownership,
which I haven't got working yet either.

right, dns-01. So you get something from letsencrypt and you need to
put it in a zone file. Or even create one? I use http-01, but I have
been wondering about moving to dns-01. You are making me curious. :



--
Per Jessen, Zürich (10.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
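
The quoting problem described in the message above (typographic quotes around view names in named.conf) can be checked for mechanically. The following Python script is an added example, not part of either poster's mail: it reports every non-ASCII quotation mark in a named.conf-style text and offers an ASCII-normalized copy. The sample config is constructed and the function names are hypothetical.

```python
import unicodedata

# Constructed sample: the view names are wrapped in typographic quotes
# instead of the ASCII double quote (U+0022).
SAMPLE_NAMED_CONF = """\
options {
    directory "/var/lib/named";
};
view «internal» {
    match-clients { localnets; };
};
view “external” {
    match-clients { any; };
};
zone "." in { type hint; file "root.hint"; };
"""

# Double-quote look-alikes that are safe to map to ASCII '"'.
DOUBLE_QUOTE_LOOKALIKES = "\u00ab\u00bb\u201c\u201d"


def find_typographic_quotes(text):
    """Return (line, column, char, unicode_name) for each non-ASCII
    quotation mark (Unicode categories Pi/Pf) in text; 1-based positions."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127 and unicodedata.category(ch) in ("Pi", "Pf"):
                hits.append((lineno, col, ch, unicodedata.name(ch, "UNKNOWN")))
    return hits


def normalize_double_quotes(text):
    """Return text with double-quote look-alikes replaced by ASCII '"'.
    Single typographic quotes are left alone (they may be apostrophes)."""
    return text.translate({ord(c): '"' for c in DOUBLE_QUOTE_LOOKALIKES})


if __name__ == "__main__":
    for lineno, col, ch, name in find_typographic_quotes(SAMPLE_NAMED_CONF):
        print(f"line {lineno}, col {col}: {ch!r} U+{ord(ch):04X} {name}")
```

To check a real file, read it with `open(path, encoding="utf-8").read()` and pass the text to `find_typographic_quotes`; review the reported lines before writing a normalized copy back.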

