DDNS conflict with zone update
Mark Andrews
Mark_Andrews at isc.org
Tue Jul 8 01:31:03 UTC 2008
> Mark Andrews wrote:
> > Updates *have* to go to the master, either directly or as
> > the result of the update being forwarded by the slave.
> > As you are using TSIG to do the updates you can just turn
> > on forwarding in the slave.
> >
> > allow-update-forwarding { any; };
> >
> > It is a configuration error to have an allow-update clause
> > in a slave zone.
> >
> Hi
> Thanks for the reply. I've inserted "allow-update-forwarding { any; };"
> in the zone on the slave dns-server, but I get an error on the master:
> update-security: error: client 192.168.0.1#34559: update 'utysket.dk/IN'
> denied
>
> On the master server I've been trying with "allow-update { 172.16.0.1;
> };", "allow-update { key MasterSlave; };" and "allow-update { key DDNS;
> };" to allow zone-updates, but it hasn't changed anything. I've
> copy/pasted the DDNS key and the MasterSlave key on both dns-servers to
> try avoiding the update-deny error. Can you explain what keys are being
> used when dhcp is going through slave-dns to master-dns?
The key specified in dhcpd.conf. The slave doesn't even need to
know it. The slave will forward unknown keys.
> /etc/bind/rndc.key
> key "rndc-key" {
> algorithm hmac-md5;
> secret "";
> };
>
> key "MasterSlave" {
> algorithm hmac-md5;
> secret "";
> };
>
> key "DDNS" {
> algorithm hmac-md5;
> secret "";
> };
>
> BTW. When all three keys are listed in the rndc.key file, I get an error
> "rndc: error: /etc/bind/rndc.key:6: 'key' redefined near 'key'".
> Shouldn't it be possible to hold all three?
Named has already read in a key called rndc-key, most probably
from /etc/rndc.key (which is the default location).
> --
> /Lars
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
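
The two configuration mistakes raised in this thread (an allow-update clause in a slave zone, and a key name defined twice) can be caught before named is reloaded. The following is an added example, not part of the original post or of BIND: the function names `blocks` and `lint` are hypothetical, the sample configuration is constructed, and only `#` and `//` comments are handled. It goes one step beyond the thread by also flagging an allow-update that names a key never defined in the text being checked.

```python
import re

# Constructed sample (not from the thread); names, addresses, secrets are placeholders.
SAMPLE = '''
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER"; };  # first file
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER"; };  # second file
key "DDNS" { algorithm hmac-md5; secret "PLACEHOLDER"; };
zone "example.test" {
    type slave;
    masters { 192.0.2.1; };
    allow-update { key DDNS; };        // config error on a slave
    allow-update-forwarding { any; };
};
zone "example.org" {
    type master;
    allow-update { key Missing; };     // key never defined
};
'''

def blocks(text):
    """Yield (kind, name, body) for each `key "n" {...}` / `zone "n" {...}`."""
    # Drop # and // comments but leave quoted strings (base64 secrets) intact.
    text = re.sub(r'"[^"]*"|(?:#|//).*',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)
    for m in re.finditer(r'\b(key|zone)\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def lint(text):
    """Return findings for the mistakes discussed in this thread."""
    found = list(blocks(text))
    keys = [name for kind, name, _ in found if kind == 'key']
    out = [f"key '{k}' redefined" for k in sorted(set(keys)) if keys.count(k) > 1]
    for kind, name, body in found:
        if kind != 'zone':
            continue
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        if acl and re.search(r'\btype\s+(slave|secondary)\s*;', body):
            out.append(f"zone '{name}': allow-update in a slave zone")
        refs = re.findall(r'\bkey\s+"?([\w.-]+)"?\s*;', acl.group(1)) if acl else []
        for ref in refs:
            if ref not in keys:
                out.append(f"zone '{name}': allow-update names undefined key '{ref}'")
    return out

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE)))
```

To check a real setup, pass `lint` the concatenated text of every file named reads, since the duplicate rndc-key in this thread came from two different files.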