Re: How to use update-policy type "external"
> I am not sure how to start debugging this. Can anyone help?
Well, start with sharing as much details as you can. It’s hard to tell what you
are doing from a single configuration line.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 14. 3. 2023, at 19:00, Vladimir Brik
> wrote:
>
> Thanks, quoting worked!
>
> Does anybody know if the socket of an "external" update-policy supposed to
> receive data for every dynamic DNS update?
>
> I `strace`ed the `named` process and pushed some updates using nsupdate, but
> I saw no attempts to do anything with the socket file (no opens, no writes)
> and nothing related to the socket in the logs either.
>
> I am not sure how to start debugging this. Can anyone help?
>
>
> Vlad
>
>
>> On 3/14/23 11:06, Ondřej Surý wrote:
>> I haven't used this personally, but in the system tests, this works:
>>update-policy {
>>grant administra...@example.nil wildcard * A SRV CNAME;
>>grant testden...@example.nil wildcard * TXT;
>>grant "local:/tmp/auth.sock" external * CNAME;
>>};
>> e.g. you need to quote the path.
>> The documentation is silent on NAME field, but I would suggest using either
>> * or . as placeholder.
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ond...@isc.org
>> My working hours and your working hours may be different. Please do not feel
>> obligated to reply outside your normal working hours.
On 14. 3. 2023, at 16:56, Vladimir Brik
wrote:
>>>
>>> Hello
>>>
>>> I am trying to set up an "external" dynamic DNS update policy but I can't
>>> figure out the syntax.
>>>
>>> The documentation [1] says that the "identity" field needs to be in the
>>> form local:PATH, but using something like the following results in an
>>> error: "expected unquoted string near '/'", and I don't know how to fix it.
>>>
>>> update-policy {
>>>grant local:/tmp/sock external NAME txt;
>>> };
>>>
>>> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
>>>
>>>
>>> Thanks very much
>>>
>>> Vlad
>>>
>>>
>>> [1]
>>> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
>>> --
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
>>> this list
>>>
>>> ISC funds the development of this software with paid support subscriptions.
>>> Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
Hi Vlad,
Did you specify the socket filename (/tmp/sock from your update-policy
example) when running it? According to the man page:
https://bind9.readthedocs.io/en/v9_18_11/manpages.html#nsupdate-dynamic-dns-update-utility
the final argument for the command line is an optional filename. If
not specified, I think that nsupdate just does lookups to find the SOA
and attempts updates via the IP addresses associated with the records
you are trying to update.
something like `nsupdate /tmp/sock` I think maybe? I don't know...
I've never tried it.
On Tue, Mar 14, 2023 at 2:01 PM Vladimir Brik
wrote:
>
> Thanks, quoting worked!
>
> Does anybody know if the socket of an "external"
> update-policy supposed to receive data for every dynamic DNS
> update?
>
> I `strace`ed the `named` process and pushed some updates
> using nsupdate, but I saw no attempts to do anything with
> the socket file (no opens, no writes) and nothing related to
> the socket in the logs either.
>
> I am not sure how to start debugging this. Can anyone help?
>
>
> Vlad
>
>
> On 3/14/23 11:06, Ondřej Surý wrote:
> > I haven't used this personally, but in the system tests, this works:
> >
> > update-policy {
> > grant administra...@example.nil wildcard * A SRV CNAME;
> > grant testden...@example.nil wildcard * TXT;
> > grant "local:/tmp/auth.sock" external * CNAME;
> > };
> >
> > e.g. you need to quote the path.
> >
> > The documentation is silent on NAME field, but I would suggest using either
> > * or . as placeholder.
> >
> > Ondrej
> > --
> > Ondřej Surý (He/Him)
> > ond...@isc.org
> >
> > My working hours and your working hours may be different. Please do not
> > feel obligated to reply outside your normal working hours.
> >
> >
> >
> >> On 14. 3. 2023, at 16:56, Vladimir Brik
> >> wrote:
> >>
> >> Hello
> >>
> >> I am trying to set up an "external" dynamic DNS update policy but I can't
> >> figure out the syntax.
> >>
> >> The documentation [1] says that the "identity" field needs to be in the
> >> form local:PATH, but using something like the following results in an
> >> error: "expected unquoted string near '/'", and I don't know how to fix it.
> >>
> >> update-policy {
> >> grant local:/tmp/sock external NAME txt;
> >> };
> >>
> >> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
> >>
> >>
> >> Thanks very much
> >>
> >> Vlad
> >>
> >>
> >> [1]
> >> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
> >> --
> >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> >> from this list
> >>
> >> ISC funds the development of this software with paid support
> >> subscriptions. Contact us at https://www.isc.org/contact/ for more
> >> information.
> >>
> >>
> >> bind-users mailing list
> >> bind-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
Thanks, quoting worked!
Does anybody know if the socket of an "external"
update-policy supposed to receive data for every dynamic DNS
update?
I `strace`ed the `named` process and pushed some updates
using nsupdate, but I saw no attempts to do anything with
the socket file (no opens, no writes) and nothing related to
the socket in the logs either.
I am not sure how to start debugging this. Can anyone help?
Vlad
On 3/14/23 11:06, Ondřej Surý wrote:
I haven't used this personally, but in the system tests, this works:
update-policy {
grant administra...@example.nil wildcard * A SRV CNAME;
grant testden...@example.nil wildcard * TXT;
grant "local:/tmp/auth.sock" external * CNAME;
};
e.g. you need to quote the path.
The documentation is silent on NAME field, but I would suggest using either *
or . as placeholder.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 14. 3. 2023, at 16:56, Vladimir Brik wrote:
Hello
I am trying to set up an "external" dynamic DNS update policy but I can't
figure out the syntax.
The documentation [1] says that the "identity" field needs to be in the form local:PATH,
but using something like the following results in an error: "expected unquoted string near
'/'", and I don't know how to fix it.
update-policy {
grant local:/tmp/sock external NAME txt;
};
Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
Thanks very much
Vlad
[1]
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to use update-policy type "external"
I haven't used this personally, but in the system tests, this works:
update-policy {
grant administra...@example.nil wildcard * A SRV CNAME;
grant testden...@example.nil wildcard * TXT;
grant "local:/tmp/auth.sock" external * CNAME;
};
e.g. you need to quote the path.
The documentation is silent on NAME field, but I would suggest using either *
or . as placeholder.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 14. 3. 2023, at 16:56, Vladimir Brik
> wrote:
>
> Hello
>
> I am trying to set up an "external" dynamic DNS update policy but I can't
> figure out the syntax.
>
> The documentation [1] says that the "identity" field needs to be in the form
> local:PATH, but using something like the following results in an error:
> "expected unquoted string near '/'", and I don't know how to fix it.
>
> update-policy {
>grant local:/tmp/sock external NAME txt;
> };
>
> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
>
>
> Thanks very much
>
> Vlad
>
>
> [1]
> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
How to use update-policy type "external"
Hello
I am trying to set up an "external" dynamic DNS update
policy but I can't figure out the syntax.
The documentation [1] says that the "identity" field needs
to be in the form local:PATH, but using something like the
following results in an error: "expected unquoted string
near '/'", and I don't know how to fix it.
update-policy {
grant local:/tmp/sock external NAME txt;
};
Also, the documentation doesn't say how NAME is interpreted.
Is it ignored?
Thanks very much
Vlad
[1]
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
