I'm working on CentOS 6.5 and BIND 9 and I have managed to add records to a DNS zone by doing these steps:
creating the key:
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.
editing conf. file:
// TSIG Key
key "example.com." {
    algorithm hmac-md5;
    secret "THE KEY GENERATED ABOVE";
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { key "example.com."; };
};
giving the named user permissions on the /var/named folder:
# chown -R named:named /var/named
# find . -type d -exec chmod 770 {} \;
# find . -type f -exec chmod 660 {} \;
I have been adding records using this script:
#!/bin/bash
# Defining variables
DNS_SERVER="localhost"
DNS_ZONE="example.com."
USER_NAME="dd2.example.com."
IP="192.168.1.7"
TTL="60"
RECORD=" $USER_NAME $TTL A $IP"
# Feed the update to nsupdate; -k points at the TSIG key file created with dnssec-keygen
echo "
server $DNS_SERVER
zone $DNS_ZONE
debug
update add $RECORD
show
send" | nsupdate -k Kexample.com.+157+55566.key
It didn't return any error.
I tested whether the record was added by using the dig command:
# dig +short dd2.example.com.
192.168.1.7
But the problem is that the added record doesn't appear in the zone file 'example.com.zone',
even when I reload with: rndc reload MYZONE
or rndc reload
It returns an error message like this:
[root@dd Shells]# rndc reload example.com.
rndc: 'reload' failed: dynamic zone
But when I restart the named service (service named restart),
the record appears in the zone file.
My question is:
Is there a way for the record to be added to the zone file without restarting the named service?
Best Answer
I have found the answer:
My problem was that BIND can't
rndc reload zone
for dynamic zones, so BIND won't allow us to reload a dynamic zone. So we have to tell BIND to temporarily stop allowing dynamic updates. This is handled with the freeze option, then reloading,
then allowing dynamic updates again:
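The freeze, reload, thaw cycle the answer describes, wrapped in a small script as an added example (this is not the answerer's own command sequence). It assumes rndc is already configured to talk to the local named, and uses the zone name and file from the question (example.com., /var/named/example.com.zone, the dd2 record); the RNDC variable is a hypothetical hook so the function can be exercised with a stub. The part the bare command list does not show is the failure mode: while a zone is frozen, named refuses every nsupdate request, so the script thaws the zone even when the reload step fails, and then checks that the record really reached the master file.

```shell
#!/bin/bash
# Added example: flush pending dynamic updates of a BIND zone into its master
# file without restarting named.
#
#   rndc freeze ZONE  - stop accepting dynamic updates; the journal (.jnl)
#                       contents are written into the zone file
#   rndc reload ZONE  - now succeeds, the zone is no longer "dynamic"
#   rndc thaw ZONE    - accept dynamic updates again
#
# Assumptions: rndc is configured for the local server; RNDC may be
# overridden (hypothetical hook, used by the test stub), default "rndc".
set -u
RNDC="${RNDC:-rndc}"

# zonefile_has_record ZONEFILE ZONE LABEL
# True when LABEL appears as an owner name in ZONEFILE, either relative
# (e.g. "dd2 60 A ...") under $ORIGIN or as an FQDN ("dd2.example.com. ...").
zonefile_has_record() {
    local zonefile="$1" zone="${2%.}" label="$3"
    grep -qE "^(${label}|${label}\.${zone}\.?)[[:space:]]" "$zonefile"
}

# sync_dynamic_zone ZONE ZONEFILE LABEL
# Returns 0 only if all three rndc steps succeed and LABEL is then present in
# ZONEFILE. Thaw is always attempted once freeze has succeeded, because a zone
# left frozen answers every dynamic update with REFUSED.
sync_dynamic_zone() {
    local zone="$1" zonefile="$2" label="$3" rc=0

    "$RNDC" freeze "$zone" || return 1
    "$RNDC" reload "$zone" || rc=1
    "$RNDC" thaw "$zone" || rc=1
    [ "$rc" -eq 0 ] || return "$rc"

    zonefile_has_record "$zonefile" "$zone" "$label"
}

# Usage: ./sync_zone.sh example.com. /var/named/example.com.zone dd2
if [ "$#" -ge 3 ]; then
    if sync_dynamic_zone "$1" "$2" "$3"; then
        echo "$3 is now in $2"
    else
        echo "sync of $1 failed or $3 not found in $2" >&2
        exit 1
    fi
fi
```

On BIND 9.9 and later the same flush is available as `rndc sync -clean ZONE`, which writes the journal into the master file without the freeze/thaw window; the freeze cycle above is what works on the older BIND that ships with CentOS 6.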