I have a BIND9 server with a lot of zones and I need to increase the serial number of the zone files by one. Some zones are using the YYYYMMDDXX format, but other zones just increase it by one, as they are dynamic DNS zones, so updating all of them by one would do the job for me.
Is there a way to do this? I tried with sed, but I lack the knowledge to do this automatically.
This would be pretty difficult to do in 'sed' but it is fairly easy in 'awk'.
If it is an SOA line ("SOA" with a space or tab before and after it) then increment field 7 (serial number). Print every line.
This only increments the serial number, which is what was asked; however, you'll still need to trigger a reload and notifies to the secondary servers to propagate the changes.
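The awk logic described in this answer, written out as an added example (the answer's own awk is not on the page, and this is not it). It assumes a plain BIND zone file, and goes one step further than the answer: instead of hard-coding column 7 it finds the SOA field and takes the third field after it, so it works whether or not the record carries an explicit TTL and class. The serial still has to be on the same line as "SOA"; a multi-line SOA with "(" is reported on stderr and left untouched.

```shell
#!/bin/sh
# Added example (not the answer's own script): increment the serial of the SOA
# record in a BIND zone file with awk. It locates the SOA field itself instead
# of assuming a fixed column, so it handles both "example.com. 3600 IN SOA ..."
# (serial in field 7) and "@ IN SOA ..." (serial in field 6). The serial must be
# on the same line as "SOA"; a multi-line SOA with "(" is reported and left alone.

bump_serial() {
    # $1: zone file. The updated zone is written to stdout. awk rebuilds an
    # edited line with single spaces, so column alignment on that line is lost.
    awk -v file="$1" '
        # Ignore comment lines, then find the field that is exactly SOA.
        $1 !~ /^;/ {
            s = 0
            for (i = 1; i <= NF; i++)
                if (toupper($i) == "SOA") { s = i + 3; break }   # mname, rname, serial
            if (s > 0) {
                if (s <= NF && $s ~ /^[0-9]+$/) {
                    # RFC 1982 serial arithmetic wraps at 2^32. %.0f prints the
                    # whole integer; a bare print may fall back to %.6g on large values.
                    $s = sprintf("%.0f", ($s + 1) % 4294967296)
                } else {
                    print file ": serial is not on the SOA line, left unchanged" | "cat 1>&2"
                }
            }
        }
        { print }
    ' "$1"
}

# Demonstration on a constructed zone file (not a real zone).
demo_dir=$(mktemp -d)
cat > "$demo_dir/db.example.com" <<'EOF'
$TTL 3600
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 86400
example.com.     IN NS ns1.example.com.
ns1.example.com. IN A  192.0.2.1
EOF
bump_serial "$demo_dir/db.example.com" > "$demo_dir/db.example.com.new" &&
    mv "$demo_dir/db.example.com.new" "$demo_dir/db.example.com"
grep SOA "$demo_dir/db.example.com"   # serial is now 2024010102
# On a real server, validate the result before reloading it:
#   named-checkzone example.com /etc/bind/db.example.com && rndc reload example.com
rm -rf "$demo_dir"
```

Run named-checkzone on every rewritten file before rndc reload. For the dynamic zones, freeze them (rndc freeze zone) before touching the file and thaw them afterwards, otherwise the hand edit conflicts with the zone's journal.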
Since the BIND zone format is pretty flexible, any simple text-manipulation tool might be a bit dangerous.
One method to accomplish your goal might be to enable dynamic updates for all your zones, with ACLs limiting access to the local machine only. Then simply add, and then remove, a temporary record in each zone with nsupdate. BIND will deal with updating the serial for you.
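The add-then-remove procedure from this answer as an added example (not the answer's own code). It assumes a primary listening on 127.0.0.1, zones whose allow-update is restricted to localhost, the stock nsupdate client, and constructed zone names.

```shell
#!/bin/sh
# Added example, not code from the answer: have BIND bump the serials itself by
# sending each zone a dynamic update that adds, then deletes, a throwaway TXT
# record. Assumes every zone allows updates from the local host only, e.g. in
# named.conf:
#   zone "example.com" { type master; file "db.example.com"; allow-update { localhost; }; };
# The zone names and the 127.0.0.1 server address below are constructed.

# Print the nsupdate batch for one zone. Each "send" is a separate update
# transaction, and BIND increments the serial once per applied transaction, so
# the serial advances by two and the zone data is left exactly as it was.
nsupdate_batch() {
    # $1: zone name, $2: primary server address
    printf 'server %s\n' "$2"
    printf 'zone %s\n' "$1"
    printf 'update add _serial-bump.%s 60 IN TXT "bump"\n' "$1"
    printf 'send\n'
    printf 'update delete _serial-bump.%s TXT\n' "$1"
    printf 'send\n'
}

# Run the batch for every zone named on the command line, one nsupdate process
# per zone (-v uses TCP). Add "-k /path/to/Kname.private" to sign with TSIG.
bump_all_zones() {
    # $1: primary server address, remaining arguments: zone names
    server=$1
    shift
    for zone in "$@"; do
        if nsupdate_batch "$zone" "$server" | nsupdate -v; then
            echo "bumped $zone"
        else
            echo "update failed for $zone" >&2
        fi
    done
}

# Demonstration: show the batch that would be sent for one constructed zone.
# (bump_all_zones 127.0.0.1 example.com example.net would send them for real.)
nsupdate_batch example.com 127.0.0.1
```

The update lands in the zone's journal file first; rndc sync writes it back to the zone file on disk. Once a zone accepts dynamic updates, edit its file by hand only between rndc freeze and rndc thaw.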
If you are dealing with a one-off event and need to force a transfer, then
rndc retransfer
is the tool of choice for ignoring serial numbers and just doing it. This approach should not be used for day-to-day work (it throws off serial number accuracy), but sometimes the need for working out of band is greater. A loop around the following should do the trick:
rndc -s ${someslave} -k ${yourkey} retransfer ${i}.example.com
(as a side note, this is also the preferred way of fixing a serial number when it is incremented into the future)
If the SOAs of all the domains are going to be the same, just put the SOA in a separate file, db.soa or something, and then include it in each zone:
That way there's only one place to have to increment. Also, depending on exactly how you're implementing whatever you're doing, it may make more sense to use UNIX epoch time as the serial instead of incrementing by one each time. You could create a script, say touch-zones.sh, that would overwrite the db.soa file and use the current UNIX timestamp in the serial. All zones would then, by inclusion, have their serials incremented.
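An added example of such a touch-zones.sh (not the answer's own script). It assumes the shared file is called db.soa, that every zone file contains the line $INCLUDE "db.soa" after its $TTL line, and constructed names and serials. It also adds the one check a practitioner would want here: the serial must never go backwards, and a zone that already carries a YYYYMMDDXX serial (about 2.0e9) is already ahead of today's epoch time (about 1.7e9), so in that case the script falls back to old serial plus one instead of silently jumping back.

```shell
#!/bin/sh
# Added example, not the answer's own script: a touch-zones.sh that rewrites a
# shared SOA include file with the current UNIX time as the serial. It assumes
# the include file is db.soa and every zone file carries the line
#   $INCLUDE "db.soa"
# after its $TTL line; the SOA uses "@", so it takes the origin of whichever
# zone includes it. Names, paths and the 1700000000 serial below are constructed.

# Print the serial recorded in the include file, or 0 if there is none yet.
current_serial() {
    # $1: path to db.soa
    [ -f "$1" ] || { echo 0; return; }
    awk 'BEGIN { s = 0 }
         $1 !~ /^;/ && /[ \t]SOA[ \t]/ {
             for (i = 1; i <= NF; i++) if ($i == "SOA") { s = $(i + 3); exit }
         }
         END { printf "%.0f\n", s }' "$1"
}

# Choose the next serial: the current epoch time if that moves forward,
# otherwise the old serial plus one (modulo 2^32, per RFC 1982).
next_serial() {
    # $1: path to db.soa
    old=$(current_serial "$1")
    now=$(date +%s)
    if [ "$now" -gt "$old" ]; then
        echo "$now"
    else
        echo $(( (old + 1) % 4294967296 ))
    fi
}

# Rewrite db.soa with a one-line SOA. Refuses a serial that is not larger than
# the current one, because secondaries would then keep their old copy of every zone.
write_soa() {
    # $1: path to db.soa, $2: serial, $3: primary name server, $4: hostmaster mailbox
    old=$(current_serial "$1")
    if [ "$2" -le "$old" ]; then
        echo "refusing: serial $2 is not greater than current serial $old" >&2
        return 1
    fi
    {
        echo '; shared start-of-authority record, rewritten by touch-zones.sh'
        echo ';  mname rname serial refresh retry expire negative-cache-ttl'
        echo "@ IN SOA $3 $4 $2 3600 900 604800 86400"
    } > "$1"
}

# Demonstration in a throwaway directory with constructed data.
demo_dir=$(mktemp -d)
write_soa "$demo_dir/db.soa" 1700000000 ns1.example.com. hostmaster.example.com.
cat > "$demo_dir/db.example.com" <<'EOF'
$TTL 3600
$INCLUDE "db.soa"
@                IN NS ns1.example.com.
ns1.example.com. IN A  192.0.2.1
EOF
# "Touch" every zone: one rewrite of db.soa, then reload all zones.
write_soa "$demo_dir/db.soa" "$(next_serial "$demo_dir/db.soa")" ns1.example.com. hostmaster.example.com.
cat "$demo_dir/db.soa"
# On a real server: named-checkzone example.com db.example.com && rndc reload
rm -rf "$demo_dir"
```

Check where named resolves a relative $INCLUDE path from (it is not necessarily the directory of the including zone file) and use an absolute path if in doubt; the primary name server and hostmaster names in db.soa must be absolute, since they are shared across origins.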
I've used a utility called h2n to manipulate BIND zone files. I first learned about it in the O'Reilly DNS and BIND book. You want the "-y" option.
A nice HOWTO about this is at: http://www.microhowto.info/howto/reset_the_serial_number_of_a_dns_zone.html
This is also the recommended way in the DNS & BIND book (2006 ed.). The important thing to understand is that DNS SOA serial numbers "wrap around". Unfortunately, the typical YYYYMMDDXX serial numbers break with dynamic updates, and I think that it might be better to dispense with that altogether, use monotonically increasing serial numbers, and keep zone files in version control.
For the specific problem at hand, I think the larger challenge would be to identify a number that every zone would consider larger than its current one, and to synchronize them all to that.