Re:Re: Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Zhengyu Pan
> do you mean, the same domains with different content, depending on clients' IPs? That's common multiple-view setup (nothing special or intelligent).
Yes, I will create a view and acl for every client. Because every client has the unique IP address.
> Why? Do you have that many clients

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Mark Andrews
and the following for the child side should work. If you are only interested in DS algorithm 2 check that $6 == 2 (&& $6 == 2) when selecting DS and CDS records from the stream. Again untested. while read zone garbage do ( echo "ds -q $zone"; echo "cds -q $zone"; ) | dig +noall

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Mark Andrews
The following should work. I’ve not tested it.
zone="$1"
shift
dig axfr -q "${zone}" |
tr '[A-Z]' '[a-z]' |
awk ' BEGIN { zone="" } $4 == "soa" { zone=$1 } $1 != zone && $4 == "ns" { print "cds", $1 }' |
sort -u |
dig -f - |
awk ' BEGIN { last = ""; secure=0 } $1 == ";;" && $2 == "flags:" {

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 12:44 PM Tony Finch wrote: > Matthijs Mekking wrote: > > On 15-04-2021 16:35, Bob Harold wrote: > > > > > > If BIND holds both the child and parent zone, will it add the DS record > > > at the correct time? Or do I still need to write scripts to update the > > > DS

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Tony Finch
Matthijs Mekking wrote: > On 15-04-2021 16:35, Bob Harold wrote: > > > > If BIND holds both the child and parent zone, will it add the DS record > > at the correct time?  Or do I still need to write scripts to update the > > DS records in all my sub-zones?  And is there some signal from BIND at >

Re: Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Matus UHLAR - fantomas
On 15.04.21 20:53, Zhengyu Pan wrote: The "intelligent" means that dns server return the corresponding A record IP address according to the source IP address of the tenants. My dns server is an Authoritative dns server. It hosts the zones of different tenants. do you mean, the same domains

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Matthijs Mekking
On 15-04-2021 16:35, Bob Harold wrote: On Thu, Apr 15, 2021 at 8:50 AM Bob Harold wrote: On Thu, Apr 15, 2021 at 2:57 AM Matthijs Mekking wrote: On 14-04-2021 22:30, Greg Rivers via bind-users wrote: > On

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 8:50 AM Bob Harold wrote: > > On Thu, Apr 15, 2021 at 2:57 AM Matthijs Mekking wrote: > >> >> >> On 14-04-2021 22:30, Greg Rivers via bind-users wrote: >> > On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote: >> >> Does anyone have an automated KSK roll process,

Re:Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Zhengyu Pan
The "intelligent" means that dns server return the corresponding A record IP address according to the source IP address of the tenants. My dns server is an Authoritative dns server. It hosts the zones of different tenants. I need to update config file name.conf frequently Because The views

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 2:57 AM Matthijs Mekking wrote: > > > On 14-04-2021 22:30, Greg Rivers via bind-users wrote: > > On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote: > >> Does anyone have an automated KSK roll process, that checks for the DS > >> record at the parent, that they can

Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Matus UHLAR - fantomas
On 15.04.21 15:35, Zhengyu Pan wrote: I want to implement intelligent DNS through bind9. I need to add a custom line(IP address ranges) to bind9 using acl and view when add a user. Because when add a tenant, i need to define a new acl and view. I don't want to update named.conf config file

Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Zhengyu Pan
Hi, I want to implement intelligent DNS through bind9. I need to add a custom line(IP address ranges) to bind9 using acl and view when add a user. Because when add a tenant, i need to define a new acl and view. I don't want to update named.conf config file frequently. Does bind9 support

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Matthijs Mekking
On 14-04-2021 22:30, Greg Rivers via bind-users wrote: On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote: Does anyone have an automated KSK roll process, that checks for the DS record at the parent, that they can share? As far as I can tell, the automated signing in BIND will roll