On 2020-04-20 10:33, Warren Kumari wrote:
On Sat, Apr 18, 2020 at 12:52 PM Tony Finch <d...@dotat.at> wrote:

@lbutlr <krem...@kreme.com> wrote:
>
> Is it possible to batch update all the domains? Looking at nsupdate it
> looks like I have to step through and do every domain individually.

An UPDATE request can change many records, so long as they are all in the same zone, and so long as they fit in the 64KB limit of DNS message size. I find one request is usually enough for routine changes, but if you are doing a bulk update to a large zone, you will need to split the changes across multiple update requests.

You might find nsdiff helpful, both to verify that your bulk changes are
what you expect, and because it will split large updates into multiple
requests automatically. It's still one-zone-at-a-time, though. A
quick-and-dirty starting point might be roughly

        dig axfr $zone |
        sed 's/oldprefix/newprefix/' |
        nsdiff $zone /dev/stdin |
        nsupdate -l

https://dotat.at/prog/nsdiff/

Another option may be:
rndc sync
rndc freeze
rndc sync
[sed and awk[0] ]
rndc thaw

The problem with freeze and thaw is that you lose your history.  I like
having history, and it won't hurt to have that in the future, when
dealing with the ISP's next capricious reassignment.  "On 2020-04-23[1]
you moved us from x.x.x.x to y.y.y.y, and now again to z.z.z.z?  We are
paying for a static IP address, what does 'static' mean?"

Another problem with that choice is that the zones are signed, and named
will have to re-sign the whole zone in one go.  I think (not sure) that
with nsupdate the signing will happen one record at a time; or at least,
only the relevant A / TXT(SPF) records with the changed IP address will
need to be signed.  Given that there are lots of zones being done in a
loop, there could be a very high load on the server and drain on its
pool of entropy.

So yeah, I'd go with Tony's plan here.  But I suppose the bottom line
for this list is, "nsupdate can't do batches, you have to script it."

W
[0]: Now at this point I should have remembered that profound truism:
“Some people, when confronted with a Unix problem, think ‘I know,
I’ll use sed.’ Now they have two problems.” jwz - 12 Dec 1992

LOL, yes, I thought that quote was about regular expressions, but
either way it sure fits.


[1] Shakespeare's death, 404 years ago; birth, 456 years ago, that day.
    What would the Bard do?  "To sed, or not to sed, ..."
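
Added example, not part of the thread: one way to script the per-zone batch discussed above, turning `dig axfr` output into `nsupdate` commands for A and TXT (SPF) records. The function names, the per-request cap and the sample records are constructed for illustration; unlike a plain sed substitution, it only rewrites whole addresses.

```shell
#!/bin/sh
# Added example. Usage (one zone per call, loop over your zone list):
#   dig axfr "$zone" | make_batch "$zone" OLD NEW | nsupdate -l
# MAX (4th argument, default 100) is an assumed cap on changes per UPDATE message.
make_batch() {
    awk -v zone="$1" -v old="$2" -v new="$3" -v max="${4:-100}" '
    # Swap whole addresses only, so 192.0.2.1 never rewrites 192.0.2.10.
    function swap(s,    out, i, pre, post) {
        out = ""
        while ((i = index(s, old)) > 0) {
            pre  = (i > 1) ? substr(s, i - 1, 1) : substr(out, length(out), 1)
            post = substr(s, i + length(old), 1)
            if (pre ~ /[0-9.]/ || post ~ /[0-9.]/) {   # part of a longer address
                out = out substr(s, 1, i); s = substr(s, i + 1)
            } else {
                out = out substr(s, 1, i - 1) new; s = substr(s, i + length(old))
            }
        }
        return out s
    }
    /^;/ || NF < 5 || $3 != "IN" { next }
    $4 == "A" || $4 == "TXT" {
        rd = $0                                  # keep rdata byte-for-byte
        for (k = 1; k <= 4; k++) sub(/^[^ \t]+[ \t]+/, "", rd)
        nrd = swap(rd)
        if (nrd == rd) next
        if (n % max == 0) { if (n) print "send"; print "zone " zone }
        print "update delete " $1 " " $4 " " rd  # delete+add share one request
        print "update add " $1 " " $2 " " $4 " " nrd
        n++
    }
    END { if (n) print "send" }
    '
}

# Constructed sample of dig axfr output (documentation addresses).
sample_axfr() {
    cat <<'EOF'
; constructed sample
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 3600
example.com. 3600 IN A 192.0.2.1
www.example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN TXT "v=spf1 ip4:192.0.2.1 ip4:192.0.2.10 -all"
EOF
}

sample_axfr | make_batch example.com 192.0.2.1 198.51.100.7
```

Reviewing the generated commands before piping them to `nsupdate` gives the same sanity check the thread recommends nsdiff for.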