[nsd-users] nsd-control delzone on a zone that is defined in the nsd.conf
wouter at nlnetlabs.nl
Tue May 14 09:01:38 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 05/08/2013 11:32 PM, Jaap Akkerhuis wrote:
> I am trying to wrap my head around the rationale of the restriction
> on not allowing nsd-control to delzone a zone that is configured in
> the nsd.conf. What is the risk here? Is it more of an operational
> one where it will not truly delete if a stop/start of the daemon
> occurs without modification of the nsd.conf? I mean, if your
> workflow is to always update your nsd.conf by removing entries for
> zones you are planning to delzone (and then blowing away the
> zone.list file before start) -- then where is the problem,
> I see the restriction only exists in remote.c, and it doesn't look
> like deleting one of these zones declared in the nsd.conf would be
> much different that one that wasn't (although I am probably missing
> Can you help me understand this, please?
> FYI, Wouter is on vacation so it might take another week or so
> before he answers. What I do remember from talking about this is
> that "nsd-control delzone" is merely the inverse of "nsd-control
> Zones defined in nsd.conf are supposed to be static that is why
> the man nsd-control says:
> Zones configured inside nsd.conf itself cannot be removed this
> way because the daemon does not write to the nsd.conf file,
> you need to add such zones to the zonelist file to be able to
> delete them with the delzone command.
> Hope this helps.
Yes, what you can do, if you modify the nsd.conf yourself, is that you
modify the nsd.conf and then nsd-control reconfig (you need that
latest svn trunk of NSD4 for that, beta4 does not have this feature).
Then it adds and removes the changes you made in the config file.
This may fit better into your existing workflow.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the nsd-users