Re: nsupdate apparently not working for me. What am I overlooking / doing wrong?
On Wed, 29 Jul 2020, Mark Andrews wrote:
> Make sure you are using the CORRECT name in the dig query. You used
> ddns-key.ottawatch.ca instead of ddns-update.ottawatch.ca.
Thanks Mark... so tired I didn't see that when staring at it.
(Blame grass allergies and terrible heat lately.)
> Also you can delete and add in the same UPDATE operation. Remove the
> first “send” in nsupdate.script.
Yes, thanks for the tip. I did man nsupdate :-) I had
nsupdate debug enabled earlier, so split this it up while testing.
> Also ottawatch.ca has DS records but the zone is not signed. You need
> to fix this as lookups are failing for anyone that is validating responses.
Again, testing artifact. Domain is actually signed but I disabled that and
took it out of the config to simplify while testing.
Domain is not live for anything now but my kicking around so no harm done
except to eagle eyes like yours who look up DNSSEC chain of trust :-)
Thanks for your second look and premiere response.
p.s. this Mailman list is slightly misconfigured. I have DKIM signing and
a DMARC policy, so get lots of failure reports when I post to this list.
Any chance you guys could toggle that flag so the list doesn't break DKIM
signing? It's a straight-forward toggle; I use it on Mailman lists I run. _______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.