Help - dynamic updates suddenly failing...
Kevin Darcy
kcd at daimlerchrysler.com
Tue Sep 25 20:58:59 UTC 2001
There is no "s" in "allow-update". Wasn't there something about this in your
logs?
- Kevin
Michael Hale wrote:
> I was wondering if you could help me with a problem that we're experiencing.
>
> For some undetermined reason, one of our nameservers (BIND 8.2.3)
> has started denying updates to some of our in-addrs from a server
> that's allowed in one of our ACLs. For example:
>
> From the config on b.ns.verio.net:
>
> acl updaters {
> 129.250.35.8;
> 129.250.35.30;
> };
>
> One of the zones that's being denied:
>
> zone "3.150.207.in-addr.arpa" IN {
> type master;
> file "zones/arpa/db.207.150.3";
> allow-updates {
> updaters;
> };
> };
>
> The error message on b.ns.verio.net:
>
> Sep 25 20:28:25 dfw-master2 named[25455]: denied update from
> [129.250.35.30].53265 for "3.150.207.in-addr.arpa"
>
> Here's the config file for this zone:
>
> $ORIGIN 3.150.207.in-addr.arpa.
> @ 1D IN SOA b.ns.verio.net. dns.verio.net. (
> 2001050100 ; serial
> 3H ; refresh
> 1H ; retry
> 1W ; expiry
> 1D ) ; minimum
>
> 1D IN NS ace.gi.net.
> 1D IN NS westie.mid.net.
> 1D IN NS ns3.gi.net.
> 1D IN NS b.ns.verio.net.
>
> I can't think of any particular reason why the update from 129.250.35.30
> would be denied, especially since that IP is in the ACL used in our
> allow-updates section. anybody have any ideas? What am I missing
> here? Dynamic updates *are* working for some zones, which have
> identical config file syntax.
>
> --
> Michael Hale <smiley at verio.net>
> Verio ISS engineer - DNS team Verio, Inc.
>
> --
> Michael Hale <smiley at verio.net>
> Verio ISS engineer - DNS team Verio, Inc.
More information about the bind-users
mailing list