Re: How to use update-policy type "external"
> I am not sure how to start debugging this. Can anyone help? Well, start with sharing as much details as you can. It’s hard to tell what you are doing from a single configuration line. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 14. 3. 2023, at 19:00, Vladimir Brik > wrote: > > Thanks, quoting worked! > > Does anybody know if the socket of an "external" update-policy supposed to > receive data for every dynamic DNS update? > > I `strace`ed the `named` process and pushed some updates using nsupdate, but > I saw no attempts to do anything with the socket file (no opens, no writes) > and nothing related to the socket in the logs either. > > I am not sure how to start debugging this. Can anyone help? > > > Vlad > > >> On 3/14/23 11:06, Ondřej Surý wrote: >> I haven't used this personally, but in the system tests, this works: >>update-policy { >>grant administra...@example.nil wildcard * A SRV CNAME; >>grant testden...@example.nil wildcard * TXT; >>grant "local:/tmp/auth.sock" external * CNAME; >>}; >> e.g. you need to quote the path. >> The documentation is silent on NAME field, but I would suggest using either >> * or . as placeholder. >> Ondrej >> -- >> Ondřej Surý (He/Him) >> ond...@isc.org >> My working hours and your working hours may be different. Please do not feel >> obligated to reply outside your normal working hours. On 14. 3. 2023, at 16:56, Vladimir Brik wrote: >>> >>> Hello >>> >>> I am trying to set up an "external" dynamic DNS update policy but I can't >>> figure out the syntax. >>> >>> The documentation [1] says that the "identity" field needs to be in the >>> form local:PATH, but using something like the following results in an >>> error: "expected unquoted string near '/'", and I don't know how to fix it. >>> >>> update-policy { >>>grant local:/tmp/sock external NAME txt; >>> }; >>> >>> Also, the documentation doesn't say how NAME is interpreted. Is it ignored? >>> >>> >>> Thanks very much >>> >>> Vlad >>> >>> >>> [1] >>> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy >>> -- >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >>> this list >>> >>> ISC funds the development of this software with paid support subscriptions. >>> Contact us at https://www.isc.org/contact/ for more information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
Hi Vlad, Did you specify the socket filename (/tmp/sock from your update-policy example) when running it? According to the man page: https://bind9.readthedocs.io/en/v9_18_11/manpages.html#nsupdate-dynamic-dns-update-utility the final argument for the command line is an optional filename. If not specified, I think that nsupdate just does lookups to find the SOA and attempts updates via the IP addresses associated with the records you are trying to update. something like `nsupdate /tmp/sock` I think maybe? I don't know... I've never tried it. On Tue, Mar 14, 2023 at 2:01 PM Vladimir Brik wrote: > > Thanks, quoting worked! > > Does anybody know if the socket of an "external" > update-policy supposed to receive data for every dynamic DNS > update? > > I `strace`ed the `named` process and pushed some updates > using nsupdate, but I saw no attempts to do anything with > the socket file (no opens, no writes) and nothing related to > the socket in the logs either. > > I am not sure how to start debugging this. Can anyone help? > > > Vlad > > > On 3/14/23 11:06, Ondřej Surý wrote: > > I haven't used this personally, but in the system tests, this works: > > > > update-policy { > > grant administra...@example.nil wildcard * A SRV CNAME; > > grant testden...@example.nil wildcard * TXT; > > grant "local:/tmp/auth.sock" external * CNAME; > > }; > > > > e.g. you need to quote the path. > > > > The documentation is silent on NAME field, but I would suggest using either > > * or . as placeholder. > > > > Ondrej > > -- > > Ondřej Surý (He/Him) > > ond...@isc.org > > > > My working hours and your working hours may be different. Please do not > > feel obligated to reply outside your normal working hours. > > > > > > > >> On 14. 3. 2023, at 16:56, Vladimir Brik > >> wrote: > >> > >> Hello > >> > >> I am trying to set up an "external" dynamic DNS update policy but I can't > >> figure out the syntax. > >> > >> The documentation [1] says that the "identity" field needs to be in the > >> form local:PATH, but using something like the following results in an > >> error: "expected unquoted string near '/'", and I don't know how to fix it. > >> > >> update-policy { > >> grant local:/tmp/sock external NAME txt; > >> }; > >> > >> Also, the documentation doesn't say how NAME is interpreted. Is it ignored? > >> > >> > >> Thanks very much > >> > >> Vlad > >> > >> > >> [1] > >> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy > >> -- > >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > >> from this list > >> > >> ISC funds the development of this software with paid support > >> subscriptions. Contact us at https://www.isc.org/contact/ for more > >> information. > >> > >> > >> bind-users mailing list > >> bind-users@lists.isc.org > >> https://lists.isc.org/mailman/listinfo/bind-users > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
Thanks, quoting worked! Does anybody know if the socket of an "external" update-policy supposed to receive data for every dynamic DNS update? I `strace`ed the `named` process and pushed some updates using nsupdate, but I saw no attempts to do anything with the socket file (no opens, no writes) and nothing related to the socket in the logs either. I am not sure how to start debugging this. Can anyone help? Vlad On 3/14/23 11:06, Ondřej Surý wrote: I haven't used this personally, but in the system tests, this works: update-policy { grant administra...@example.nil wildcard * A SRV CNAME; grant testden...@example.nil wildcard * TXT; grant "local:/tmp/auth.sock" external * CNAME; }; e.g. you need to quote the path. The documentation is silent on NAME field, but I would suggest using either * or . as placeholder. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 14. 3. 2023, at 16:56, Vladimir Brik wrote: Hello I am trying to set up an "external" dynamic DNS update policy but I can't figure out the syntax. The documentation [1] says that the "identity" field needs to be in the form local:PATH, but using something like the following results in an error: "expected unquoted string near '/'", and I don't know how to fix it. update-policy { grant local:/tmp/sock external NAME txt; }; Also, the documentation doesn't say how NAME is interpreted. Is it ignored? Thanks very much Vlad [1] https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
I haven't used this personally, but in the system tests, this works: update-policy { grant administra...@example.nil wildcard * A SRV CNAME; grant testden...@example.nil wildcard * TXT; grant "local:/tmp/auth.sock" external * CNAME; }; e.g. you need to quote the path. The documentation is silent on NAME field, but I would suggest using either * or . as placeholder. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 14. 3. 2023, at 16:56, Vladimir Brik > wrote: > > Hello > > I am trying to set up an "external" dynamic DNS update policy but I can't > figure out the syntax. > > The documentation [1] says that the "identity" field needs to be in the form > local:PATH, but using something like the following results in an error: > "expected unquoted string near '/'", and I don't know how to fix it. > > update-policy { >grant local:/tmp/sock external NAME txt; > }; > > Also, the documentation doesn't say how NAME is interpreted. Is it ignored? > > > Thanks very much > > Vlad > > > [1] > https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
How to use update-policy type "external"
Hello I am trying to set up an "external" dynamic DNS update policy but I can't figure out the syntax. The documentation [1] says that the "identity" field needs to be in the form local:PATH, but using something like the following results in an error: "expected unquoted string near '/'", and I don't know how to fix it. update-policy { grant local:/tmp/sock external NAME txt; }; Also, the documentation doesn't say how NAME is interpreted. Is it ignored? Thanks very much Vlad [1] https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users