Re: DNS Record Updates Via Command Line ?

On Jun 4, 2010, at 4:17 PM, Olivier DUCROT wrote:

> Yes it is, with serveradmin settings dns command, but it's much easier to modify dns plaintext files using a text editor or a script.

I have seen serveradmin commands that let you check certain things about DNS, but I haven't seen any that let you edit anything.
I checked the man page on this and don't see anything regarding that.

I'm still trying to get this to work with the nsupdate command.

I have added in the  allow-update {key rndc-key;};  on the particular zone that I am editing.

admin$ nsupdate
> key rndc {my rndc key here}
>update delete
>update add 300 A


Then I get back "update failed: REFUSED"

I have a feeling this has something to do with my rndc key or my syntax on this.

There already seems to be a rndc key set up in the file /etc/rndc.key

In the named.conf file I have in place:

controls {
	inet port 54 allow {any;} keys {


zone "" in {
	file "";
	type master;
	allow-update { rndc-key; };

I read somewhere about changing the port from 54 to 953, but I'm not sure why that would be.
I did try that, but it didn't make any difference so I went back to the default of 54.

> Olivier DUCROT
> Do as I do, discover the iPad, Apple's touchscreen tablet.
> On June 4, 2010 at 19:22, Roger Corbin <email@hidden> wrote:
>> I'm wondering if anyone knows if it's possible to do updates to DNS records via command line on OS X Server ?
>> I think it's possible to do when running a DNS service on OS X Client.
>> To my knowledge on OS X Client you can use the nsupdate utility via command line.
>> I want to be able to delete a record and then add it back in with a changed IP.
>> Here is an example of how I believe this would look
>> $nsupdate
>>> update delete
>>> update add 300 A
>>> send
>> When I try this on an OS X Server machine it goes through all the motions, but then says Refused.
>> "update failed: REFUSED"
>> If you issue the nsupdate command with a -d it puts it into debug mode. Going through it that way
>> everything seems to go through the motions correctly, but in the end it gives the REFUSED error.
>> Is there another way of doing this via command line ?
>> What is this all for ? It's part of a fail over system where I need to change the DNS record of something automatically
>> if something fails. I need this other system to be able to SSH over to the OS X Server that is running DNS and make
>> a change on a given DNS record.
>> Any ideas ?

Hi Roger,

On Jun 4, 2010, at 1:22 PM, Roger Corbin wrote:

> Any ideas ?

DNS updates with nsupdate require that you have the proper RNDC key (e.g. /etc/rndc.key) on the machine running the command. You must also be sure that the particular zone entry in the named.conf (or in the Apple provided zone files) contains the allow-update parameter with the appropriate key. For example...

allow-update {key rndc-key;};

You must also be sure that RNDC is configured properly to hit the right nameserver.

It's definitely possible to do local and remote nsupdates on Mac OS X Server. I manage several networks that do this. You just need to be sure everything is configured properly. I'd strongly suggest picking up Cricket Liu's "DNS and BIND" book. Also, take a look at all the DNS config files on the system to get a feel for how this all fits together.

hope that helps,

Jaime Magiera

Sensory Research, Inc.
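
The requirement described above, that the zone's allow-update entry names the key the update is signed with, as an added example that is not part of the original thread: it compares the key name in a key file with the zone's allow-update entry and flags an entry written without the key keyword. The zone name example.test, the file contents and the secret are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Zone name, file contents and secret are constructed samples.

# Name of the first key defined in a named.conf-style key file.
key_name() {
    awk '$1 == "key" { gsub(/["{;]/, "", $2); print $2; exit }' "$1"
}

# Contents of allow-update { ... } for zone $2 in config file $1.
zone_allow_update() {
    awk -v z="$2" '
        $1 == "zone" { n = $2; gsub(/"/, "", n); inzone = (n == z) }
        inzone && /allow-update/ {
            sub(/.*allow-update[ \t]*[{][ \t]*/, "")
            sub(/[ \t]*;?[ \t]*[}].*/, "")
            gsub(/[ \t]+/, " "); gsub(/"/, "")
            print; exit
        }
        inzone && /^[}];/ { inzone = 0 }
    ' "$1"
}

# Exit 0 if zone $2 in $1 accepts updates signed with the key in file $3.
check_update_key() {
    want=$(key_name "$3")
    entry=$(zone_allow_update "$1" "$2")
    case "$entry" in
        "")          echo "$2: no allow-update, dynamic updates are refused"; return 1 ;;
        "key $want") echo "$2: accepts updates signed with key $want"; return 0 ;;
        key\ *)      echo "$2: allows '$entry', key file defines '$want'"; return 2 ;;
        *)           echo "$2: '$entry' has no key keyword, not a TSIG key reference"; return 3 ;;
    esac
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
zone_fmt='zone "example.test" in {\n\ttype master;\n\tfile "db.example.test";\n\tallow-update { %s; };\n};\n'
printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "c2FtcGxlLW9ubHk=";\n};\n' > "$d/rndc.key"
printf "$zone_fmt" 'key rndc-key' > "$d/good.conf"   # entry with the key keyword
printf "$zone_fmt" 'rndc-key'     > "$d/bare.conf"   # bare name, read as an ACL name

check_update_key "$d/good.conf" example.test "$d/rndc.key" || true
check_update_key "$d/bare.conf" example.test "$d/rndc.key" || true
```

The name given to nsupdate's key command has to be that same key name, since a TSIG key is identified by name on both the client and the server.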
