Forum Discussion

Cirrocumulus

Jun 09, 2025

nsupdate to modify zone in specific views.

we have zone name example.com and we have 2 view (external and internal) so in /var/namedb/ we have zone file db.external.example.com and db.internal.example.com . How can we use nsupdate to modi...

Employee

Jun 09, 2025

Hello kridsana ,

nsupdate is a *nix command that doesn't support views.

When you run nsupdate remotely from a remote IP x.x.x.x, the DNS simply find a match for your remote IP and shows you the right view/file so you can modify (if you have permissions) only your view file.

You are using views to offer different resolutions, but not the same remote IP (or same TSIG Key) :)

To avoid this behavior you can configure different listeners with iRules that permit DNS requests only from the right IPs + your remote IP.

If I didn't quite understand what your scenario is, could you please detail it better?

Fabio

kridsana
Cirrocumulus
Jun 09, 2025
Please correct me if I'm wrong.
If I need to modify record with nsupdate (there is many record I need to update at once. zonerunner didn't do the job). on both external (public IP) and internal (private IP) views.
1. I think I need to run nsupdate from public IP remote host to change record in external views
2. run nsupdate from internal IP to change record in internal views

Am I correct?
- CeinarF
  Employee
  Jun 10, 2025
  If you have configured "strict/classical views" yes.
  
  If you could change a little your configuration using 2 different listeners (one for public zone and one for internal zone) you can handle the access using iRules to permit only requests from the right IPs:
  
  private_IPs + (remote server IP) for your internal listener
  
  !(private_IPs) + (remote server IP) for your external listener
  
  In this way you don't need 2 different servers/IPs.
  
  Fabio