To ensure that only root can read the file, enter the following: The controls statement defines access information and the various security requirements necessary to use the rndc command. I want to get notified of this change without reading/parsing the logs manually. Using Kolmogorov complexity to measure difficulty of problems? Creating SSH CA Certificate Signing Keys, 14.3.4. In this case, when the slave initiates a zone transfer, it would fail on getting the SOA record from the master. bingobongo July 2, 2022, 4:05am #8 Hi, Introduction to DNS", Collapse section "17.1. Code: rndc freeze test.com rndc reload test.com rndc thaw test.com 03-24-2018, 06:46 AM #14: gauravbhatkar. Additional Resources", Expand section "D. The sysconfig Directory", Collapse section "D. The sysconfig Directory", Expand section "D.1. Your email address will not be published. Can someone help me figure out how I can get the status of the zone transfer after executing rndc reload which is better than parsing the logs itself. Configuring Winbind Authentication, 13.1.2.4. Additional Resources", Expand section "21. Subscription and Support", Expand section "6. Loading a Customized Module - Persistent Changes, 31.8. LQ Newbie . You also need to tell bind about it, which is normally done in named.conf. New York made that . If so, is there any configuring involved to only let the service be active for a particular interface? How do you ensure that a red herring doesn't violate Chekhov's gun? Distributing and Trusting SSH CA Public Keys, 14.3.5.1. The vsftpd Server", Expand section "21.2.2.6. vsftpd Configuration Options", Collapse section "21.2.2.6. vsftpd Configuration Options", Expand section "21.2.3. Configuring IPv6 Tokenized Interface Identifiers, 12.2.1. The text was updated successfully, but these errors were encountered: Basically, a new logic for using the RNDC command sequence of freeze, reload, thaw shall only be done if its zone (and within its view) have set its allow-update to something other than none or did not set the allow-update (Bind reference) at all. Configuring Anacron Jobs", Expand section "27.2.2. Adding a Broadcast or Multicast Server Address, 22.16.6. System Monitoring Tools", Collapse section "24. Why does Mister Mxyzptlk need to have a weakness in the comics? Interacting with NetworkManager", Expand section "10.3. Thank you for this write up and it has been very helpful. Thanks for the quick answer. Now I apply zone & config with no issues, but still I get 'can't find server for address x.x.x.x: query refused' when I use nslookup. Monitoring Performance with Net-SNMP", Expand section "24.6.2. Establishing a Mobile Broadband Connection, 10.3.8. Opening and Updating Support Cases Using Interactive Mode, 7.6. Additional Resources", Collapse section "E. The proc File System", Expand section "E.1. I have a script that executes rndc reload in on secondary (slave) servers on the zones that are modified. Using the Kernel Dump Configuration Utility, 32.2.3. Configuring Yum and Yum Repositories", Expand section "9.2. Did any DOS compatibility layers exist for any UNIX-like systems before DOS started to become outmoded? Managing Log Files in a Graphical Environment, 27.1.2.1. How is an ETF fee calculated in a trade that ends in less than a year? To learn more, see our tips on writing great answers. I figured out some script using rndc to add/update/remove zones like so: It seems to be quite handy. Using Postfix with LDAP", Expand section "19.4. The best answers are voted up and rise to the top, Not the answer you're looking for? Learn more about Stack Overflow the company, and our products. For example: It's not enough to create the zone file. Master-slave replication would be more appropriate. Styling contours by colour and by line thickness in QGIS. Automating System Tasks", Collapse section "27. Running the At Service", Collapse section "27.2.2. Preserving Configuration File Changes, 8.1.4. Configuring the Firewall for VNC, 15.3.3. Configuring Alternative Authentication Features", Collapse section "13.1.3. Creating a Backup Using the Internal Backup Method, B.4. Using opreport on a Single Executable, 29.5.3. NDC command failed : rndc: 'reload' failed: dynamic zone Actually, to reload a dynamic zone, it must be "freezed" first. Monitoring and Automation", Expand section "24. Engle DCC-GARCH (DynamicConditional Corelational Autoregressive Conditional Heteroscedasticity Model)CCC-GARCH stdafx.h#ifndef WINVER // Allow use of features specific to Windows 95 and Windows NT 4 or later.#define WINVER 0x0501 // Change this to the appropriate value to ta. Line 1 ##### 2 # $Id: named,v 1.52 2007/04/28 20:58:39 bjorn Exp $ 3 ##### 4 How to match a specific column position till the end of line? How can I check before my flight that the cloud separation requirements in VFR flight rules are met? Configuring System Authentication", Collapse section "13.1. Manually Upgrading the Kernel", Collapse section "30. I want to add records to the zone,, not adding a new zone @Neven. Starting ptp4l", Expand section "23.9. Advanced Features of BIND", Collapse section "17.2.5. Analyzing the Core Dump", Expand section "32.5. Do you get any errors at all? The kdump Crash Recovery Service", Collapse section "32. Using Kerberos with LDAP or NIS Authentication, 13.1.3. Create a Channel Bonding Interface", Collapse section "11.2.4.2. Using the dig Utility", Expand section "17.2.5. A zone can be updated either by editing zone files and reloading the server or by dynamic update, but not both. Separating Kernel and User-space Profiles, 29.5.2. I'm working on centos6.5 and bind9 and I have managed to add records to a DNS zone by doing this steps: give the named authorization to the /var/named folder: I test if I add this record by using dig command: but the problem that the record added doesn't appear in the zone file 'example.com.zone'. Interface Configuration Files", Collapse section "11.2. I have a script that takes care of my problem for my bastion host running 2 ISC Bind and an ISC DHCP server. The only downside is all your zone specifications are not all in named.conf.local so you'll have two files to look in if you need to modify any zone options. Is there a solution to add special characters from software and how to do it, The difference between the phonemes /p/ and /b/ in Japanese. Server Fault is a question and answer site for system and network administrators. Type rndc to display usage of the utility and a list of available commands: The following is an example of some of the rndc commands: 1. Configuring the Red Hat Support Tool", Collapse section "7.4. Configuring Static Routes in ifcfg files", Expand section "V. Infrastructure Services", Collapse section "V. Infrastructure Services", Expand section "12. Starting the Printer Configuration Tool, 21.3.4. Samba with CUPS Printing Support", Expand section "21.2.2. Enabling and Disabling SSL and TLS in mod_ssl, 18.1.10.1. It is a name server control utility in bind. For example, you will normally see the following entries: -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Viewing CPU Usage", Expand section "24.4. Understanding the ntpd Configuration File, 22.10. The SSH Protocol", Expand section "14.1.4. how can I add records to the zone file without restarting the named service? Packages and Package Groups", Expand section "8.3. Domain Options: Using DNS Service Discovery, 13.2.19. Using Channel Bonding", Collapse section "31.8.1. The rndc utility is a command-line tool to administer the named service, both locally and from a remote machine. Managing Groups via the User Manager Application, 3.4. Establishing Connections", Collapse section "10.3. .NETISBN978-7-121-08494-22009679.001 SSH File Transfer ProtocolFTP(http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol)Secure Shell(SSH)Ubuntu ServerSFTPSFTP 10-Year-Old "Mini-Monet" Making a Killing in the Art World Kieron Williamson is an artist who is making bank. Additional Resources", Expand section "25. The vsftpd Server", Collapse section "21.2.2. Your parking history is saved and can be accessed in two ways. Samba Network Browsing", Expand section "21.1.10. Additional Resources", Expand section "23. Configuration Steps Required on a Client System, 29.2.3. Configuring the Time-to-Live for NTP Packets, 22.16.16. bindzonerndc reloadreloaddig rndc reload is1701.top rndc: reload failed: dynamic zone, named , allow-update bindallow-update , zoneallow-updatenonezonezoneallow-updatenonezonestatic, 1http://blog.sina.com.cn/s/blog_56ae1d580102y27s.html. Managing Users and Groups", Collapse section "3. But I've found that changing SOA SN is really good thing to do, because I've encountered similar problems in past. I would appreciate help on this. BIND is not monitoring file changes i.e. Specific Kernel Module Capabilities, 32.2.2. Sorry for the late response. If you're happy with the way this works, stick with it. Log In Options and Access Controls, 21.3.1. Connect and share knowledge within a single location that is structured and easy to search. Copyright 2018-2022 - All Rights Reserved -, rndczonereloadrndc: 'reload' failed: dynamic zone_ljflm-, http://blog.sina.com.cn/s/blog_56ae1d580102y27s.html, https://blog.csdn.net/ljflm/article/details/88926248, DCC-GARCHR_dcc garch r_-, VS2010fatal error C1189: #error : This file requires _WIN32_WINNT to be #defined at least to 0x_Rachel-Zhang-, Region Attention Networks for Pose and Occlusion Robust Facial Expression Recognition_Onwaier-, Lebron 10 Infrared Pe Jovetic targets trophies with City_cisheng1429-, .NET. What is the point of Thrower's Bandolier? Connecting to VNC Server Using SSH, 16.4. Packages and Package Groups", Collapse section "8.2. (If the zone is of type secondary or stub, the files needing to be removed are reported in the output of the rndc . Mail Transport Agents", Collapse section "19.3. Editing Zone Files", Collapse section "17.2.2. The new rules follow the Supreme Court decision overturning New York's handgun licensing law. Date and Time Configuration", Collapse section "2. What I know is I can apply changes using, If you are just adding/removing zones, use. Network Bridge with Bonded VLAN, 11.4. Modifying Existing Printers", Collapse section "21.3.10. Well, as far as rndc.conf being missing, all you need to do is click the 'setup RNDC' icon in the webmin 'BIND DNS Server' screen and confirm to do the setup. The Structure of the Configuration, C.6. To subscribe to this RSS feed, copy and paste this URL into your RSS reader. To reload both the configuration file and zones, type the following at a shell prompt: ~]# rndc reload server reload successful This will reload the zones while keeping all previously cached responses, so that you can make changes to the zone files without losing all stored name resolutions. Using sadump on Fujitsu PRIMEQUEST systems", Collapse section "32.5. Installing and Removing Packages (and Dependencies), 9.2.4. You can use 2 NICs if you want to, and then you can bind services to specific IPs if you want them isolated. Interface Configuration Files", Expand section "11.2.4. The court correctly determined, based on the papers on the motion, that petitioner established by clear and convincing evidence that respondent's March 31, When a client broadcasts a discovery request, the first DHCP server to respond with an IP offer is used. This command requires the allow-new-zones option to be set to yes. Accessing Support Using the Red Hat Support Tool, 7.2. So you have to tell bind to temporarily stop allowing dynamic updates. Browse other questions tagged, Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. Basic ReaR Usage", Expand section "34.2. Working with Modules", Expand section "18.1.8. Enabling the mod_nss Module", Collapse section "18.1.10. Setting Module Parameters", Expand section "31.8. Installing and Removing Package Groups, 10.2.2. Checking Network Access for Incoming HTTPS and HTTPS Using the Command Line, 19.3.1.1. Hello I am happy to hear you were able to resolve the issue. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Configuring a Multihomed DHCP Server", Expand section "16.5. I hope this clarifies things. Configuring the OS/400 Boot Loader, 30.6.4. Creating Domains: Primary Server and Backup Servers, 13.2.27. Configuring rsyslog on a Logging Server", Collapse section "25.6. That protocol is intended to allow name servers to add whole new zones "on the fly". Desktop Environments and Window Managers", Expand section "C.3. I have a question though. This article is part of the Homelab Project with KVM, Katello and Puppet series. Short story taking place on a toroidal planet or moon involving flying. Using sadump on Fujitsu PRIMEQUEST systems, 32.5.1. Command Line Configuration", Collapse section "2.2. In actuality, it is far safer to perform the freeze, reload, thaw RNDC command sequence for dynamic zone using rndc reload command (read on for more detail logic). If I just bridge those to my home network, wouldnt I get issues with the DHCP service colliding on my home router and the one Im configuring here? Domain Options: Enabling Offline Authentication, 13.2.17. rndc: 'reload' failed: dynamic zone (missing freeze, reload, then thaw), http://jon.netdork.net/2008/08/21/bind-dynamic-zones-and-updates/, https://www.andrewzammit.com/blog/reload-dns-zone-with-bind9-and-rndc/, https://unix.stackexchange.com/questions/132171/how-can-i-add-records-to-the-zone-file-without-restarting-the-named-service, No need to freeze and thaw when reloading, we we now do that earlier, BUG: BIND DNS Server "Failed to sign zone : NDC command failed : rndc: 'reload' failed: out of range". Which way should I use? Email Program Classifications", Expand section "19.3. This is a very annoying problem that i am having with the rndc reload. Creating Domains: Active Directory, 13.2.14. Configuring the Hardware Clock Update, 23.2.1. Overview of OpenLDAP Server Utilities, 20.1.2.2. It only takes a minute to sign up. Gosh. Managing Users via Command-Line Tools", Collapse section "3.4. Editing the Configuration Files", Collapse section "18.1.5. Additional Resources", Collapse section "29.11. Additional Resources", Collapse section "12.4. Sign in Creating Domains: Access Control, 13.2.23. Event Sequence of an SSH Connection", Collapse section "14.1.4. Using the New Configuration Format", Collapse section "25.4. Mail Delivery Agents", Expand section "19.4.2. What is the differences between rndc and manually manipulating named.conf.local, How Intuit democratizes AI development across teams through reusability. Configuring OpenSSH", Collapse section "14.2. Monitoring Files and Directories with gamin, 24.6. Samba Server Types and the smb.conf File", Expand section "21.1.7. Is it a way to the record to be added to the zone file without restarting the named service? Incremental Zone Transfers (IXFR), 17.2.5.4. HERE are many translated example sentences containing "TRANSFERU STREFY" - polish-english translations and search engine for polish translations. Kernel, Module and Driver Configuration, 30.5. We have two CentOS 7 (minimal) servers installed which we want to configure as follows: admin1.hl.local (10.11.1.2) will be configured as a DNS master server Am I missing something here? Configuring Authentication from the Command Line, 13.1.4.4. Selecting the Printer Model and Finishing, 22.7. Editing the Configuration Files", Expand section "18.1.6. Using OpenSSH Certificate Authentication", Expand section "14.3.5. Is a PhD visitor considered as a visiting scholar? It. If you have enabled dynamic update for a zone using the " allow-update " option or by using " update-policy ", you are not supposed to edit the zone file by hand, and the server will not attempt to reload it. Additional Resources", Collapse section "19.6. Im asking because Im using my own computer with virt-manager and thus using a virtual network. Already on GitHub? A slave cannot force the master to reload configuration / zones. Loading a Customized Module - Temporary Changes, 31.6.2. Does Counterspell prevent from any further spells being cast on a given turn? My code is GPL licensed, can I issue a license to have my code be distributed in a specific MIT licensed project? Configure the Firewall Using the Command Line", Collapse section "22.14.2. We don't want to "needlessly" perform freeze-reload-thaw on non-dynamic zones. Configuring the named Service", Collapse section "17.2.1. How can I check before my flight that the cloud separation requirements in VFR flight rules are met? Viewing Hardware Information", Expand section "24.6. For starters, please take my question with a grain of salt, Im at the beginning with iptables. So we have to tell bind to temporarily stop allowing dynamic updates. Additional Resources", Expand section "21.3. Any other solution? vegan) just to try it, does this inconvenience the caterers and staff? Date/Time Properties Tool", Expand section "2.2. It just lets you know whether it went ok, which is most likely the normal condition. Does ZnSO4 + H2 at high pressure reverses to Zn + H2SO4? Asking for help, clarification, or responding to other answers. Connecting to a Samba Share", Expand section "21.1.4. How is an ETF fee calculated in a trade that ends in less than a year? Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Using the ntsysv Utility", Collapse section "12.2.2. After fighting such problems, I now have a daily cron job : rndc sync -clean and no more problems - ugly but it works. Installing Additional Yum Plug-ins, 9.1. Your email address will not be published. Install packages and ensure that the service is enabled: Configure firewall to allow inbount DNS traffic (we use iptables): Do automatic rndc configuration, and use an authentication key of 512 bits. Updating Packages with Software Update, 9.2.1. Hi, thanks. Disabling Rebooting Using Ctrl+Alt+Del, 6. You can't tell BIND about new zone files with rndc, you have to add the zone configuration into the named.conf file, and then use rndc reconfig. If the -clean argument is specified, the zone's master file (and journal file, if any) are deleted along with the zone. Configuring Authentication", Collapse section "13. The rest can be found from logs, or you could modify this script to do something like. The nature of simulating nature: A Q&A with IBM Quantum researcher Dr. Jamie We've added a "Necessary cookies only" option to the cookie consent popup. Configuring the YABOOT Boot Loader, 31.2. Registering the System and Attaching Subscriptions, 7. Connecting to a Network Automatically, 10.3.1. Synchronize to PTP or NTP Time Using timemaster", Expand section "23.11. I think i need to reload list of domains's DNS zones or all DNS zones (and i assume this WHM function can be used: (WHM/DNS Functions/Set Zone Time To Live) but i also found command for one domain reload: # /usr/sbin/rndc reload mydomain.net WARNING: key file (/etc/rndc.key) exists, but using. Note that rndc won't allow us to reload a dynamic zone: # rndc reload hl.local rndc: 'reload' failed: dynamic zone. Is it possible to create a concave light? Starting, Restarting, and Stopping a Service, 12.2.2.1. Desktop Environments and Window Managers", Collapse section "C.2. Mail Delivery Agents", Collapse section "19.4. What's Next Installing rsyslog", Expand section "25.3. The nature of simulating nature: A Q&A with IBM Quantum researcher Dr. Jamie We've added a "Necessary cookies only" option to the cookie consent popup, Configuring ssh fingerprints on dns to replace known_hosts fails, Bind: Setting up DLV: named thinks zone records records are out of zone, named-checkzone fails reverse zone file with NS has no address records (A or AAAA), BIND9 DNS zone file check reveals "ignoring out-of-zone data". This name server control utility allows command line administration of the named service both locally and remotely. Mail Access Protocols", Expand section "19.2. Specific Kernel Module Capabilities", Expand section "31.8.1. Depending on your setup (i.e., if using serial-update-method) BIND generates new serials on its e.g. Setting up the sssd.conf File", Collapse section "14.1. I think it pertains to reboot and or sudden named daemon death. Resolving Problems in System Recovery Modes, 34.2. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Staging Ground Beta 1 Recap, and Reviewers needed for Beta 2. Extending Net-SNMP", Collapse section "24.6.5. the record appears in the zone file. Mail Transport Protocols", Expand section "19.1.2. privacy statement. Displaying Comprehensive User Information, 3.5. it returns an error message like this: but when I restart the named service: service named restart How can I check before my flight that the cloud separation requirements in VFR flight rules are met? I do agree that this can be viewed from the monitoring perspective. Disabling Console Program Access for Non-root Users, 5.2. The content of the master configuration file /etc/named.conf can be seen below. Learn more about Stack Overflow the company, and our products. Using the New Configuration Format", Expand section "25.5. Installing and Upgrading", Collapse section "B.2.2. We already have a central log system which can also generate alerts. A Virtual File System", Expand section "E.2. However, let's say I don't need such remote feature. Consistent Network Device Naming", Collapse section "A. Configuring Automatic Reporting for Specific Types of Crashes, 28.4.8. Configuring the Loopback Device Limit, 30.6.3. Cron and Anacron", Expand section "27.1.2. System Monitoring Tools", Expand section "24.1. Practical and Common Examples of RPM Usage, C.2. From a monitoring perspective I think your focus on getting notified on errors during zone transfers misses the point slightly. Basic System Configuration", Collapse section "I. Using indicator constraint with two variables. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. And an error occurs when an attempt is made to perform "Apply Zone" URL action in "Bind DNS Server" Edit Master Zone webpage. Configure the Firewall for HTTP and HTTPS Using the Command Line", Collapse section "18.1.13. Selecting a Delay Measurement Mechanism, 23.9. Stack Exchange network consists of 181 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Black and White Listing of Cron Jobs, 27.2.2.1. Kernel, Module and Driver Configuration", Expand section "30. Channel Bonding Interfaces", Expand section "11.2.4.2. Managing Groups via the User Manager Application", Collapse section "3.3. Basic System Configuration", Expand section "1. If I use the traditional name.conf.local way, does it mean I have to restart bind9 whenever any zone file changes. Internet Protocol version 6 (IPv6), 18.1.5.3. Without the -clean option, zone files must be deleted manually. Extending Net-SNMP with Shell Scripts, 25.5.2. A place where magic is studied and practiced? Create a Channel Bonding Interface", Collapse section "11.2.6. Can you, please, explain, why you only mention the NEW ip_tables ACCEPT INPUT chain entries for port 53? 1 Additional Resources", Collapse section "C.7. Using the rndc Utility", Expand section "17.2.4. Creating SSH Certificates", Collapse section "14.3.5. Running Services", Expand section "12.4. Bulk update symbol size units from mm to map units in rule-based symbology. E.g. 3. 3 I am getting the following error: rndc: connect failed: 127.0.0.1#953: connection refused However the following work fine, [root@cbgfx ~]# service named restart Stopping named: . Configuring Net-SNMP", Expand section "24.6.4. Both servers have SELinux set to enforcing mode. Using fadump on IBM PowerPC hardware, 32.5. Registering the System and Managing Subscriptions", Expand section "7. Thanks for contributing an answer to Stack Overflow! Subscription and Support", Collapse section "II. Should I just create a virtual (isolated) network and put all the servers in there? The xorg.conf File", Expand section "C.7. Selecting the Identity Store for Authentication", Collapse section "13.1.2. Configure the Firewall Using the Graphical Tool, 22.14.2. This creates the missing rndc.conf file. Samba Server Types and the smb.conf File", Collapse section "21.1.6. By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. rev2023.3.3.43278. Slave (s) requests zone transfers. Thanks for contributing an answer to Server Fault! Event Sequence of an SSH Connection, 14.2.3. En quoi la configuration prsente ici permet lIP Failover ? Checking if the NTP Daemon is Installed, 22.14. Mail Transport Protocols", Collapse section "19.1.1. So, SN incrementation is essential. RNDC stands for Remote Name Daemon Control. To enable the DNSSEC validation, type the following at a shell prompt: To enable (or disable in case it is currently enabled) the query logging, run the following command: Expand section "I. Viewing Memory Usage", Collapse section "24.3. Using Rsyslog Modules", Collapse section "25.7. Configure RedHatEnterpriseLinux for sadump, 33.4. Additional Resources", Collapse section "21.2.3. To prevent unauthorized access to the service, rndc must be configured to listen on the selected port (port 953 by default), and an identical key must be used by both the service and the rndc utility. How to configure dns sub-levels on aws without Route53? Additional Resources", Collapse section "16.6. Setting Up an SSL Server", Expand section "18.1.9. The best answers are voted up and rise to the top, Not the answer you're looking for? Linux is a registered trademark of Linus Torvalds. Can you please elaborate? And further, I want to be able to take some action based on the failure message. Additional Resources", Expand section "22. A Virtual File System", Collapse section "E.1. Installing and Managing Software", Collapse section "III. (One NAT and the other one in the 10.11.1.0 range?) :https://blog.csdn.net/AIMINdeCSDN/article/details/103357491, 1.1:1 2.VIPC, rndczonereloadrndc: 'reload' failed: dynamic zone. Configuring Smart Card Authentication, 13.1.4.9. Thanks for contributing an answer to Unix & Linux Stack Exchange! Configuring Centralized Crash Collection", Collapse section "28.5. Configuring Services: OpenSSH and Cached Keys, 13.2.10. Configuring a Multihomed DHCP Server", Collapse section "16.4. Automatic Downloads and Installation of Debuginfo Packages, 28.4.7. Does Counterspell prevent from any further spells being cast on a given turn? Establishing Connections", Expand section "10.3.9. How do you ensure that a red herring doesn't violate Chekhov's gun? Checking for Driver and Hardware Support, 23.2.3.1. Setting Events to Monitor", Expand section "29.5. Configuring Static Routes in ifcfg files", Collapse section "11.5. Samba Server Types and the smb.conf File, 21.1.8. Configuring NTP Using ntpd", Collapse section "22. Procmail Recipes", Collapse section "19.5. Thank you for the help! Configuring Authentication from the Command Line", Expand section "13.2. Configure Access Control to an NTP Service, 22.16.2. rndc reload of all zones may not be your best option, even though it is the easiest Although this has been improved in BIND 9.8.2 and newer, a full rndc reload on a busy server with many authoritative zones can incur significant overhead and affect server performance while it is running.