[dns-operations] Cleaning up glue with dynamic DNS updates
Jan Včelák
jv at fcelda.cz
Tue Mar 21 11:56:50 UTC 2017
Hello Anand,
I agree that what you need is not possible with dynamic updates. But
there are alternatives for sure.
This is one of these alternatives: Knot DNS has a control interface
which supports transactional modification of a zone. So you can query
for the NS record, implement custom logic to decide what to remove,
and then perform desired changes. All in one transaction.
Luckily, there is a Python binding for the control protocol. The API
is rather low-level but usable. I quickly hacked a prototype that does
what you need:
https://gist.github.com/fcelda/ab862ae7054068e8cfe5019a0076a7a4
Regards,
Jan
On Sat, Mar 18, 2017 at 12:20 PM, Anand Buddhdev <anandb at ripe.net> wrote:
> Hello DNS experts,
>
> If I am using dynamic DNS updates with a zone, how do I handle cleaning
> up glue records? For example, suppose I update a zone with the following
> (using nsupdate):
>
> zone example.com.
> update add a.ns.sub.example.com. A 192.0.2.1
> update add b.ns.sub.example.com. A 192.0.2.2
> update add sub.example.com. NS a.ns.sub.example.com.
> update add sub.example.com. NS b.ns.sub.example.com.
> send
>
> At some later time, if I want to change or delete the delegation to
> sub.example.com, how can I ensure that the associated glue records are
> also removed? I don't think nsupdate allows this.
>
> Oh, I have considered the setup where I have to remember what I added,
> in some persistent storage, so I can look it up later and remove it.
> However, if I don't have such a record in persistent storage, is there
> any way to reliably delete the glue as well?
>
> Regards,
> Anand
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list