(no subject)
Michael Hale
smiley at verio.net
Tue Sep 25 23:20:04 UTC 2001
was wondering if you could help me with a problem that we're
experiencing.
For some undetermined reason, one of our nameservers (BIND 8.2.3)
has started denying updates to some of our in-addrs from a server
that's allowed in one of our ACLs. For example:
From the config on b.ns.verio.net:
acl updaters {
129.250.35.8;
129.250.35.30;
};
One of the zones that's being denied:
zone "3.150.207.in-addr.arpa" IN {
type master;
file "zones/arpa/db.207.150.3";
allow-updates {
updaters;
};
};
The error message on b.ns.verio.net:
Sep 25 20:28:25 dfw-master2 named[25455]: denied update from
[129.250.35.30].53265 for "3.150.207.in-addr.arpa"
Here's the config file for this zone:
$ORIGIN 3.150.207.in-addr.arpa.
@ 1D IN SOA b.ns.verio.net. dns.verio.net. (
2001050100 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
1D IN NS ace.gi.net.
1D IN NS westie.mid.net.
1D IN NS ns3.gi.net.
1D IN NS b.ns.verio.net.
I can't think of any particular reason why the update from 129.250.35.30
would be denied, especially since that IP is in the ACL used in our
allow-updates section. anybody have any ideas? What am I missing
here? Dynamic updates *are* working for some zones, which have
identical config file syntax.
--
Michael Hale <smiley at verio.net>
Verio ISS engineer - DNS team Verio, Inc.
-- Binary/unsupported file stripped by Listar --
-- Type: application/ms-tnef
-- File: winmail.dat
-- Binary/unsupported file stripped by Listar --
-- Type: application/ms-tnef
-- File: winmail.dat
More information about the bind-users
mailing list