Dynamic DNS on Bind

I’m trying to configure Dynamic DNS (RFC2136) on my bind server, but I can’t understand how I should manage the zone files.
Currently the zone files are in the /nix/store, and obviously they’re read-only files, but dynDNS needs to dynamically edit those zone files (Let’s Encrypt, through lego-acme, for example).
I managed to set up dynDNS, but when I try to test it using nsupdate I get these errors:

stdio.c:29: unexpected error:
Aug 30 16:58:39 kelpie.garr.cloud.pa. named[969906]: unable to convert errno to isc_result: 30: Read-only file system
Aug 30 16:58:39 kelpie.garr.cloud.pa. named[969906]: /nix/store/xgxi3vkw0gsqw68bj5vqhfj3brbs5ymg-foo.me.zone.jnl: create: unexpected error

And I guess that those are related to the zone file in the /nix/store being read-only…

Any ideas?


I solved this by using a writable directory in /etc/bind/zones, writing the zone file to that and pointing bind at that file for this zone.

Here’s an incomplete snippet, and I’m happy to add more details or explain if something’s not understandable.


  system.activationScripts.bind-zones.text = ''
    mkdir -p /etc/bind/zones
    chown named:named /etc/bind/zones
  '';

  environment.etc."bind/zones/${fqdn}.zone" = {
    enable = true;
    user = "named";
    group = "named";
    mode = "0644";
    text = ''
      $ORIGIN .
      $TTL 86400      ; 1 day
      (...)
    '';
  };

  services.bind = {
    enable = true;
    extraConfig = ''
      include "/var/lib/secrets/*-dnskeys.conf";
    '';
    zones = [
      {
        name = fqdn;
        allowQuery = [ "any" ];
        file = "/etc/bind/zones/${fqdn}.zone";
        master = true;
        extraConfig = "allow-update { key rfc2136key.${fqdn}.; };";
      }
    ];
  };
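
A variant of the configuration above for the Let's Encrypt case from the question, as an added example that is not part of the original posts: the zone file is copied from the store into a writable directory only when it does not exist yet, and the TSIG key is limited by `update-policy` to the `_acme-challenge` TXT record instead of being allowed to change the whole zone. The zone name `example.org`, the address `192.0.2.53` and the directory `/var/lib/bind-zones` are assumptions; the key name and the include path follow the snippet above.

```nix
# Added example, not from the thread. "example.org", 192.0.2.53 and
# /var/lib/bind-zones are placeholders; the key name and the include path
# follow the snippet above.
{ pkgs, ... }:
let
  fqdn = "example.org";
  zoneDir = "/var/lib/bind-zones";
  # Initial zone contents, built into the read-only /nix/store.
  seedZone = pkgs.writeText "${fqdn}.zone" ''
    $ORIGIN ${fqdn}.
    $TTL 86400
    @   IN SOA ns1.${fqdn}. hostmaster.${fqdn}. ( 1 3600 900 604800 300 )
    @   IN NS  ns1.${fqdn}.
    ns1 IN A   192.0.2.53
  '';
in
{
  systemd.tmpfiles.rules = [
    # Directory writable by named, so it can create the .jnl journal next to the zone.
    "d ${zoneDir} 0750 named named -"
    # "C" copies the seed only if the target is missing.
    "C ${zoneDir}/${fqdn}.zone 0640 named named - ${seedZone}"
  ];

  services.bind = {
    enable = true;
    extraConfig = ''
      include "/var/lib/secrets/*-dnskeys.conf";
    '';
    zones = [
      {
        name = fqdn;
        file = "${zoneDir}/${fqdn}.zone";
        master = true;
        # update-policy replaces allow-update; the two cannot be combined in one zone.
        extraConfig = ''
          update-policy {
            grant rfc2136key.${fqdn}. name _acme-challenge.${fqdn}. TXT;
          };
        '';
      }
    ];
  };
}
```

With this policy a leaked key can only add or remove TXT records at `_acme-challenge.example.org`, which is all a DNS-01 client needs.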