BIND 9.x nsupdate and "no valid servers found"

pmacias at lucent.com pmacias at lucent.com
Wed Mar 28 11:49:06 UTC 2001 

Hello,

I am testing BIND 9.x to replace our 8.2.3 servers (running linux
2.2.16 - slackware). I am having difficulty with dynamic updates running
nsupdate on the same host running BIND.

The bottom line is when I run nsupdate I receive the error 

	   "no valid servers found"

Here are the relevant portions of named.conf:

    -------------------------------
    key kenan.com. {
      algorithm hmac-md5;
      secret "Hxxxxxxxxxxxxxxxxxxxxx==";
    };
    
    
    controls {
    	  inet 127.0.0.1 allow { localhost; } keys 
    	       { kenan.com.;
    	       };
    };
    
    zone "kenan.com" {
    	    type master;
    	    file "db.kenan.com";
    	    allow-update { 
    			  135.109.16.61.; 
    			 };
    };
    -------------------------------

...and rndc.conf:

    -------------------------------
    server localhost {
    	key     kenan.com.;
    };
    
    options {
    	       default-server localhost;
    	       default-key    kenan.com.;
    };
    
    key kenan.com. {
      algorithm hmac-md5;
      secret "Hxxxxxxxxxxxxxxxxxxxxx==";
    };
    -------------------------------

These allow the server to start and rndc to reload. 

Following the notes from the on-line docs (ie:
http://hpuxschool.net/pub/bind/bind-9.0.1/doc/arm/Bv9ARM.ch04.html#tsig)
I have tried running nsupdate by creating a USER key with 


  dnssec-keygen -a hmac-md5 -b 128 -n USER root.


or a HOST key with


    dnssec-keygen -a hmac-md5 -b 128 -n HOST local-update.


The corresponding additional/changed entries to named.conf were:

    -----------------
    key root. {
      algorithm hmac-md5;
      secret "Hxxxxxxxxxxxxxxxxxxxxx==";
    };
    
    server 135.109.16.61 {
    	   keys { root.; };
    };

    zone "kenan.com" {
    	    type master;
    	    file "db.kenan.com";
    	    allow-update { 
    			  key root.; 
    			 };
    };
    -----------------

and 

    -----------------
    key local-update. {
      algorithm hmac-md5;
      secret "Hxxxxxxxxxxxxxxxxxxxxx==";
    };
    
    server 135.109.16.61 {
    	   keys { local-update.; };
    };

    zone "kenan.com" {
    	    type master;
    	    file "db.kenan.com";
    	    allow-update { 
    			  key local-update.; 
    			 };
    };
    -----------------

...respectively. 

I ran nsupdate with the commands:

	      nsupdate -k /etc/domain/finals/Kroot.+157+18628.private
	      nsupdate -y root:Hxxxxxxxxxxxxxxxxxxxxx

and
	      nsupdate -k /etc/domain/finals/Klocal-update.+157+18628.private
	      nsupdate -y local-update:Hxxxxxxxxxxxxxxxxxxxxx

In all instances I receive the error

	   "no valid servers found"

I am still researching this and playing at dofferent configurations.

Any help?


  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Phil Macias * pmacias at okapi.kenan.com * 609 639 2172

More information about the bind-users mailing list