I have a DNS server up and running with a zone configured for my domain with the allow-update directive enabled. I have the initial configuration for the domain in the file /var/cache/bind/db.mydomain.com; this file has a line with a $INCLUDE db.aux.mydomain.com directive to load records from this file.
The problem comes when I do an update of the zone using nsupdate, because bind rewrites the file db.mydomain.com by deleting the $INCLUDE line and putting the content of db.aux.mydomain.com directly in the db.mydomain.com file.
How can I prevent this?
I don't think you can avoid that.
When you enable dynamic updates for a zone you are essentially handing the control of the zone file contents to bind; you are no longer allowed to make changes directly in the file and bind will need to rewrite it after updates.
As for $INCLUDE in that context, what would bind be expected to do if it were to keep the include statements? Would it be expected to modify all of the referenced files as necessary when making updates?
What if some of the include files are referenced from multiple zones?
What if you add a record for foo.aux.mydomain.com? Bind would have no idea that the filenames mean something to you; it wouldn't know to add the entry in that file specifically.
If dynamic updates are not supposed to apply to that subdomain a better option may actually be to delegate and have that as a separate zone.
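
The delegation suggested in the answer above could look like the following named.conf fragment. This is an added example, not part of the original answer. The key name ddns-key, the name server ns1.mydomain.com, the child zone file path, and the assumption that the hand-maintained records all live under aux.mydomain.com are illustrative.

```conf
// named.conf fragment (added example; names marked "assumed" are not from the page)

// TSIG key allowed to send dynamic updates (assumed name, placeholder secret).
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// Parent zone: dynamic. BIND owns this file and rewrites it after updates,
// so it must not rely on $INCLUDE or on hand edits.
zone "mydomain.com" {
    type master;
    file "/var/cache/bind/db.mydomain.com";
    allow-update { key "ddns-key"; };
};

// Child zone: static. There is no allow-update here, so BIND never rewrites
// the file and it can be maintained by hand (it needs its own SOA and NS records).
zone "aux.mydomain.com" {
    type master;
    file "/etc/bind/db.aux.mydomain.com";   // assumed path
};

// Delegation record the parent zone needs. Because the parent is dynamic,
// add it once with nsupdate instead of editing the file:
//   update add aux.mydomain.com. 3600 IN NS ns1.mydomain.com.   (assumed NS name)
```

With this split, updates sent to mydomain.com cannot touch names at or below aux.mydomain.com, because those names belong to the separate zone, which accepts no updates.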