Mailinglist Archive: opensuse (389 mails)

Re: [opensuse] Why are nsupdate changes not persistent?
Hi Per, thanks for following up and taking a look at this issue. ;-) I
set up a test host in one of my zones and used nsupdate to insert a TXT
record for that host, monitoring what is happening in the chroot
directories where named does its work.

First I set up a small test file to use

# cat test.example.txt
debug yes
zone example.com.
update add test.example.com. 86400 TXT "foobar"
show
send

Then using nsupdate I add the TXT record "foobar" for test.example.com -

nsupdate -k /etc/letsencrypt/james/Kletsencrypt.+165+56715.key -v ./test.example.txt

dig does show that indeed the TXT record was added and I see that the
jnl file - example.com.jnl has been created. However neither of the
config files for example.com in /etc/named.d/local/master/example.com or
/var/lib/named/etc/named.d/local/master/example.com has been updated
yet, as expected...

quasar:/var/lib/named/etc/named.d/local/master # dig +short -t txt test.example.com
"bar"
Now for a small segue: if I manually sync the jnl file, i.e. rndc sync,
I do see that the TXT record is copied into the chrooted version of
example.com, as can be seen in this copy/paste section from example.com -

test                    A       xxx.yyy.zzz.aaa
$TTL 86400      ; 1 day
                        TXT     "bar"
$TTL 172800     ; 2 days
However, it still is not persisted into
/etc/named.d/local/master/example.com.  The jnl file is still in the
chrooted directory...

So far so good...  Next I stop the named service -

quasar: /etc/named # systemctl stop named.service

And the contents of the chrooted directory are still intact: both the
record remains defined and the jnl file exists. But the file at
/etc/named.d/local/master/example.com remains unchanged and not updated.

When I start up the named service, the entire chrooted directory at
/var/lib/named/etc/named.d/local/master is destroyed and then recreated.
I was able to determine that this is done by copying the contents of
/etc/named.d/local/master into the new chroot directory. Thus the TXT
record inserted by nsupdate is lost and the jnl file is destroyed.
Therefore I must conclude that either the scripts that stop the named
service or the ones that start the named service do not copy the files
out of the chrooted directories back into the files at /etc/named.d
before the chrooted directory is destroyed. I don't know which step
should have this responsibility, but my guess is that the copy back
should occur when the named service is stopped. Anyway, this is where a
systemd guru is needed, as this is getting above my pay grade...

    Marc...



On 03/15/2019 10:18 AM, Per Jessen wrote:
Per Jessen wrote:

right, dns-01. So you get something from letsencrypt and you need to
put it in a zone file. Or even create one? I use http-01, but I have
been wondering about moving to dns-01. You are making me curious. :
fwiw - maybe it'll help comparing notes.

I set up my name server with a key for access to "example.com". When I
run an nsupdate, I see a file named "example.com.jnl" created.

When I stop named, I see the zone file was updated, but the jnl file
remains. After starting named again, no change, jnl file still there,
all is fine.

This system is still sysv init, but looking at the start/stop script
from leap15, they are the same or very similar.

If I do 'rndc freeze', the jnl file is removed.

I don't think systemd has any blame here - keep an eye on your zone files to
figure out what is happening.



--
Computers: the final frontier. These are the voyages of the user Marc.
His mission: to explore strange new hardware. To seek out new software
and new applications.
To boldly go where no Marc has gone before!
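The thread above describes a dns-01 update that lives only in the zone's .jnl journal until named is told to write it back, and a chroot that is rebuilt from /etc/named.d on every start. The script below is an added example, not code from the thread or from openSUSE's named packaging: a certbot-style auth/cleanup hook that adds or deletes the _acme-challenge TXT record through nsupdate with the TSIG key, then runs "rndc sync -clean" so the journal is folded into the zone file before any restart can throw it away. The zone name, key path, server address and the CERTBOT_DOMAIN / CERTBOT_VALIDATION variables are assumptions taken from the post and from certbot's hook interface; NSUPDATE and RNDC can be overridden so the script can be exercised without a running name server.

```shell
#!/bin/sh
# Added example (not from the thread): certbot dns-01 hook that updates the
# _acme-challenge TXT record via nsupdate and then forces the journal back into
# the zone file with "rndc sync -clean". Paths and names below are assumptions.
set -eu

ZONE="${ZONE:-example.com}"
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/james/Kletsencrypt.+165+56715.key}"
SERVER="${SERVER:-127.0.0.1}"
NSUPDATE="${NSUPDATE:-nsupdate}"
RNDC="${RNDC:-rndc}"

# Print an nsupdate command file to stdout.
#   $1 action ("add" or "delete"), $2 zone, $3 owner name, $4 TXT value, $5 TTL
# The TXT value is double-quoted; embedded quotes are backslash-escaped so a
# hostile validation string cannot break out of the record and add directives.
make_update_script() {
    action=$1; zone=$2; name=$3; value=$4; ttl=${5:-60}
    escaped=$(printf '%s' "$value" | sed 's/"/\\"/g')
    printf 'server %s\n' "$SERVER"
    printf 'zone %s.\n' "${zone%.}"
    if [ "$action" = add ]; then
        printf 'update add %s. %s IN TXT "%s"\n' "${name%.}" "$ttl" "$escaped"
    else
        printf 'update delete %s. IN TXT\n' "${name%.}"
    fi
    printf 'send\n'
}

# Send the update signed with the TSIG key, then flush the journal into the zone
# file and remove the .jnl, so a later chroot rebuild copies the current zone.
apply_update() {
    action=$1; name=$2; value=$3
    make_update_script "$action" "$ZONE" "$name" "$value" | "$NSUPDATE" -k "$TSIG_KEY"
    "$RNDC" sync -clean "$ZONE"
}

# Entry point when used as: --manual-auth-hook "hook.sh auth"
#                           --manual-cleanup-hook "hook.sh cleanup"
if [ "${1:-}" = auth ]; then
    apply_update add "_acme-challenge.${CERTBOT_DOMAIN}" "${CERTBOT_VALIDATION}"
elif [ "${1:-}" = cleanup ]; then
    apply_update delete "_acme-challenge.${CERTBOT_DOMAIN}" ""
fi
```

"rndc sync -clean ZONE" writes the journal into the zone file and deletes the .jnl without suspending dynamic updates; "rndc freeze ZONE" followed by "rndc thaw ZONE" does the same but blocks updates in between, which matters if the rebuilt chroot is also the only place named can write. Note that with a plain allow-update, the key in the post can rewrite any record in example.com; scoping it in named.conf with update-policy { grant letsencrypt name _acme-challenge.example.com. TXT; }; limits a leaked key to the challenge record.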
