
For example, I have a zone example.com and someone created a dotted hostname app.subzone in it, which resolves to app.subzone.example.com.

Now I create a new zone subzone.example.com and a record app in it.

At this point I can no longer query the record app.subzone in the zone example.com, but I still can update/delete it with nsupdate, e.g.

nsupdate -k .key
> server xxx.xxx.xxx.xxx
> zone example.com
> update delete app.subzone.example.com a
> send

My question:

Is there any way to query for a record in a specific zone? I couldn't find an option for nslookup or dig.

For my concrete use case I deleted the old dotted hostname records and just wanted to check whether they are gone. At this point I found out that nslookup does not support the same zone specifier as nsupdate.

  • I don't know about an option in dig/nslookup to specify the zone, but you could list all records for the said zone and grep for the record you are searching. For the first command you would need permission to perform a zone transfer. You can try to authorize via your key file. List all records via zone transfer: "dig -tAXFR -k .key example.com" List all records without cname and without zone transfer: "dig +nocmd example.com any +multiline +noall +answer" – Lorem ipsum Sep 01 '20 at 09:27
  • AFAIK you can't direct a query to a specific zone, bind will only update and/or return answers from the most appropriate zone. - I can't test right now but `named-checkconf` might be able to give you a notification that the record `app.subzone.example.com` is out-of-zone data in the `example.com.` zone once you have configured `subzone.example.com.` as a separate zone file, allowing the hostmaster to take appropriate action. That might even come as a start-up warning/error as well – Bob Sep 01 '20 at 13:39
  • Okay, zone transfer and grep actually works but requires permissions and a TSIG key. Too bad there is no other way. – TheKangaroo Sep 03 '20 at 07:48
  • Zone transfers do not mandate TSIG. It is customary to protect them that way but absolutely not mandatory. Some root servers allow public zone transfers. – Patrick Mevzek Sep 05 '20 at 20:38
  • Okay, good to know, @PatrickMevzek. Thanks :) – TheKangaroo Sep 11 '20 at 07:32
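The situation in the question and the workaround in the first comment can be turned into a small audit: pull the parent zone with a zone transfer, then check which of its records sit underneath a child zone the same server now serves, because those are exactly the records that nsupdate can still touch but no query will ever return. The script below is an added example, not something from the question or the comments; the AXFR output is constructed sample data standing in for what `dig -tAXFR example.com` would print, and the list of child zones is assumed to come from the server's own configuration.

```python
"""Audit a parent zone for records occluded by a child zone on the same server.

Constructed example: parse dig-style AXFR output for example.com and report
the records that live at or below subzone.example.com, i.e. the dotted
hostnames that became unreachable once subzone.example.com got its own zone.
"""

# Constructed sample of `dig -tAXFR example.com` output (abridged, not real data).
PARENT_AXFR = """\
example.com.             3600 IN SOA ns1.example.com. hostmaster.example.com. 2020090101 7200 3600 1209600 3600
example.com.             3600 IN NS  ns1.example.com.
ns1.example.com.         3600 IN A   192.0.2.1
www.example.com.         3600 IN A   192.0.2.10
subzone.example.com.     3600 IN NS  ns1.subzone.example.com.
ns1.subzone.example.com. 3600 IN A   192.0.2.2
app.subzone.example.com. 3600 IN A   192.0.2.20
db.subzone.example.com.  3600 IN A   192.0.2.21
other.example.com.       3600 IN A   192.0.2.30
"""

# Child zones the same server is now authoritative for (assumed to be taken
# from named.conf; constructed here).
CHILD_ZONES = ["subzone.example.com."]


def canonical(name):
    """Lower-case, fully qualified form of a DNS name."""
    return name.lower().rstrip(".") + "."


def parse_axfr(text):
    """Parse dig AXFR lines into dicts: name, ttl, class, type, rdata."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's own commentary
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        name, ttl, cls, rtype, rdata = parts
        records.append({"name": canonical(name), "ttl": int(ttl),
                        "class": cls, "type": rtype.upper(), "rdata": rdata})
    return records


def in_zone(name, zone):
    """True if name is the zone apex or lies below it."""
    name, zone = canonical(name), canonical(zone)
    return name == zone or name.endswith("." + zone)


def find_records(records, name, rtype=None):
    """The 'grep' step from the comment: records matching a name (and type)."""
    name = canonical(name)
    return [r for r in records
            if r["name"] == name and (rtype is None or r["type"] == rtype.upper())]


def occluded_records(records, child_zones):
    """Parent-zone records hidden behind a child zone served by the same server.

    Delegation data is legitimate and excluded: NS and DS at the child apex,
    plus A/AAAA glue for nameservers named inside the child zone.
    """
    glue_names = set()
    for r in records:
        if r["type"] == "NS":
            target = canonical(r["rdata"].split()[0])
            if any(in_zone(target, z) for z in child_zones):
                glue_names.add(target)

    hidden = []
    for r in records:
        for zone in child_zones:
            if not in_zone(r["name"], zone):
                continue
            at_apex = r["name"] == canonical(zone)
            if at_apex and r["type"] in ("NS", "DS"):
                break  # delegation itself, fine
            if r["type"] in ("A", "AAAA") and r["name"] in glue_names:
                break  # glue for an in-zone nameserver, fine
            hidden.append(r)
            break
    return hidden


if __name__ == "__main__":
    recs = parse_axfr(PARENT_AXFR)
    for r in occluded_records(recs, CHILD_ZONES):
        print(f"occluded: {r['name']} {r['type']} {r['rdata']}")
```

Run against a real transfer by piping `dig -tAXFR -k .key example.com` into `parse_axfr`; anything the audit prints is data the server will never answer for but that still sits in the parent zone file, so it is the list to clean up with `nsupdate ... update delete` and then re-check by transferring again.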
