Hello everyone! Could somebody give me a hint on how to establish safe coexistence of dynamic DNS update and ISPConfig3? I am adding allow-update{ key client.dynupd; }; for one of ISPConfig managed zones, and it works fine (with ipupdate.exe), until the ISPConfig sees the change and rollback it with it's own values. Is there any way to add this through the ISPConfig or mark it somehow as 'dont touch section'?
Can't you use the "Update ACL" in ISPConfig interface? I know that normally you put IP addresses there, but it might be worth a try...
I have tried to add there a sample IP to see what will happen. And happened terrible After the update /etc/bind/named.conf.local became 1 bytes long, file pri.mydomain.com got renamed into pri.mydomain.com.err and nothing could change that. Neither removing recreating DNS zone, nor even a system restart. P.S. in any case which IP address may I put there if the IP which should update itself's A record is dynamic by nature?
Putting something there should not change your pri.xxx zone, but /etc/bind/named.conf.local I tried with an IP address and with key client.dynupd, both resulted in a zone where XXX was what I put into that field: Code: zone "domain.tld" { type master; allow-transfer {none;}; allow-update {XXX;}; file "/etc/bind/pri.domain.tld"; };
Thanks a lot! You are absolutely right! I have put in 'Update ACL' field 'key client.dynupd' and that key description in named.conf.options. This configuration works perfectly and seems not being broken by ispconfig during zone edit.
For these who a looking this thread: ispconfig overwrites named.conf.options file time to time, so be ready to restore it from backup.
When I re-read your previous post I think you got it wrong and that is why you now said the above. In ISPConfig you are not supposed to change the file manually as ISPConfig uses database and that will always overwrite the file. I do not maintain my own nameservers anymore so I cannot give you the exact how to but basically we use ISPConfig UI something like what was advised in reply #2 above, if not exactly, as much as possible.
