I'm trying to add an A record for `test` at the `example.com` zone using nsupdate along with Ansible, but I'm getting the following error: `updating zone 'example.com/IN': update unsuccessful: test.example.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)`. It seems like this issue is related to BIND rather than Ansible since `test.example.com` doesn't exist yet and `db.example.com` is an authoritative zone file. I'm wondering if there's a way to get more detailed information from BIND about what's causing this issue? **EDIT**: I've noticed the records seem to be added on the server even though the zone files don't update. When I check via dig, it returns the correct response for the new subdomain, but the zone file doesn't reflect this. Restarting BIND sometimes updates the zone file, but not always. Any thoughts on why this might be happening?
2 Answers
The NXRRSET error you're encountering usually indicates that there’s some kind of prerequisite check failing. Since you're using DDNS, remember that changes might not be reflected instantly in the zone file. To flush all changes to the zone file, you can use `rndc sync [ZONE]` to update it directly. It’s worth checking what specific commands Ansible is sending; it might initially check a condition which isn't met, and that could cause the error you're seeing. You could also take a closer look at the output from nsupdate along with BIND’s logs for further clues. It's pretty detailed and usually self-explanatory if you dig a bit deeper.
To get more insight from BIND, you can enable debug mode using the `-d` option, which gives you detailed tracing of the update requests and responses. You could also try using `-D` for extra debug info. If you issue a command with `debug` before your update, that might help too. But honestly, sometimes these options don’t provide the clarity needed.
Also, check the logs in `/var/log/named` if you are on a Debian-based system. Regarding the zone file not updating, ensure that the zone is configured for dynamic updates and that it’s not frozen (use `rndc thaw` to thaw it if needed). Permissions on the zone directory could also be a factor, so ensure that it’s writable by the BIND user. If things are still unclear, the BIND user mailing list could offer some helpful insights. Good luck! If you solve this, please share the fix for future reference!
Thanks for the tips! After some fiddling, it seems the zone file does eventually update, but it takes a long time—up to 15 minutes sometimes. The changes are visible immediately via dig, but not reflected in the zone file until later. Is this a usual delay?
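The log line in the question is the RCODE a server returns when an RFC 2136 "RRset exists (value dependent)" prerequisite does not hold, which is the failing prerequisite check the first answer refers to. The following is an added example, not code from this thread, BIND or Ansible: it models how the prerequisite kinds that nsupdate's `prereq` command can send are evaluated, going beyond the single case in the question. The function names, tuple format, zone contents and addresses are assumptions made for illustration.

```python
# Added example: RFC 2136 prerequisite evaluation on a toy zone (not BIND code).
# Zone data, names and the tuple format are constructed for illustration.

def make_zone(records):
    """Build {name: {rtype: set(rdata)}} from (name, rtype, rdata) tuples."""
    zone = {}
    for name, rtype, rdata in records:
        zone.setdefault(name.lower(), {}).setdefault(rtype, set()).add(rdata)
    return zone

def check_prereqs(zone, prereqs):
    """Return the RCODE for a prerequisite section; NOERROR only if all hold.

    Kinds follow nsupdate's `prereq` keywords:
      ("yxdomain", name)                name is in use
      ("nxdomain", name)                name is not in use
      ("nxrrset", name, rtype)          RRset does not exist
      ("yxrrset", name, rtype)          RRset exists (value independent)
      ("yxrrset", name, rtype, rdatas)  RRset exists (value dependent)
    """
    for kind, name, *rest in prereqs:
        rrsets = zone.get(name.lower(), {})
        if kind == "yxdomain":
            if not rrsets:
                return "NXDOMAIN"
        elif kind == "nxdomain":
            if rrsets:
                return "YXDOMAIN"
        elif kind == "nxrrset":
            if rest[0] in rrsets:
                return "YXRRSET"
        elif kind == "yxrrset":
            present = rrsets.get(rest[0])
            if present is None:
                return "NXRRSET"  # absent RRset, as in the question's log line
            # Value dependent: listed rdata must equal the whole RRset.
            if len(rest) == 2 and set(rest[1]) != present:
                return "NXRRSET"
        else:
            raise ValueError(f"unknown prerequisite kind: {kind!r}")
    return "NOERROR"

# Constructed zone: www has two A records, test does not exist yet.
ZONE = make_zone([("www.example.com", "A", "192.0.2.10"),
                  ("www.example.com", "A", "192.0.2.11")])

if __name__ == "__main__":
    probe = [("yxrrset", "test.example.com", "A", ["192.0.2.50"])]
    print(check_prereqs(ZONE, probe))
    print(check_prereqs(ZONE, [("nxrrset", "test.example.com", "A")]))
```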