Is there a clean way to force nsd to ask the master for a new copy of a slaved zone? I would have hoped that there was an nsdc command for this.
--Paul Hoffman
If 'nsdc update' is not good enough, I'm afraid you're probably stuck with running
"nsdc patch" followed by removing the zone file, followed by an "nsdc rebuild".
Paul
It isn't, at least in my testing. But now that I look harder, I think I see the problem. Before, I had:
zone:
name: vpnc.org
zonefile: slave/vpnc.org
allow-notify: 192.245.12.229 NOKEY
request-xfr: 192.245.12.229 NOKEY
If I add:
allow-notify: 127.0.0.1 NOKEY
Then "nsdc update" works the way I would hope,
Was there a way I was supposed to have figured this out on my own? That is, I certainly don't see this described in the man page for nsd.conf. Or, am I completely misunderstanding how the nsd.conf file should look for a simple slave server?
--Paul Hoffman
from "man nsdc":
update Updates all the slave zones which have allow-notify: from local-
host (127.0.0.1 or ::1) allowed. If a TSIG key is specified for
the allow-notify statement in the config file, it will be used
to secure the notify. Note that NSD keeps track of zone timeouts
automatically, this is only needed if you want to manually force
updates by sending notify messages to the localhost.
Another method you can use is to stop nsd, delete the xfrd.state
file and then start nsd again. It will try to update all zones.
This method does not require allow-notify: statements.
Paul
Interesting! Thanks.