DDNS Update Error not really fixed?

John Hascall john at iastate.edu
Fri Oct 26 15:57:10 UTC 2007 

In the Release notes file (for 3.1.0) I see this entry:

                        Changes since 3.0.3

- A DDNS update handling function was misusing the DNS error codes, rather
  than the internal generic result enumeration.  The result is a confusing
  syslog line, logging the wrong condition.

but in my syslog I am seeing:

Oct 26 09:38:04 netreg-1 dhcpd: \
Unable to add forward map from d810laptop.iastate.edu to 10.32.106.1: timed out

but the actual error was not a timeout -- it was a refused (dhcpd is not
permitted to update that zone).


I think this is triggering a bug which prevents DDNS updates from
working properly.

In the function res_nupdate() in the file minires/res_update.c
starting at line 163 we see the code below.

163     rcode = find_tsig_key (&key, zptr->z_origin, zcookie);
164     if (rcode == ISC_R_SUCCESS) {
165             rcode = res_nsendsigned(statp, packet, n, key,
166                                     answer, sizeof answer, &rval);
167             tkey_free (&key);
168     } else if (rcode == ISC_R_NOTFOUND || rcode == ISC_R_KEY_UNKNOWN) {
169             rcode = res_nsend(statp, packet, n,
170                               answer, sizeof answer, &rval);
171     }
172     if (rcode != ISC_R_SUCCESS)
173             goto undone;
174
175     rcode = ns_rcode_to_isc (((HEADER *)answer)->rcode);
176     if (zcookie && rcode == ISC_R_BADSIG) {
177             repudiate_zone (&zcookie);
178     }
179
undone:
181     /* Restore resolver's nameserver set. */
182     statp->nscount = nscopy(statp->nsaddr_list, nsaddrs, nscount);
183     nscount = 0;
done:
185     if (zptr) {
186             if ((zptr->z_flags & ZG_F_ZONESECTADDED) != 0)
187                     res_freeupdrec(ISC_LIST_HEAD(zptr->z_rrlist));
188             free(zptr);
189     }
190
191     /* If the update failed because we used a cached zone and it
192        didn't work, try it again without the cached zone. */
193     if (zcookp && (rcode == ISC_R_NOTZONE || rcode == ISC_R_BADSIG)) {
194             zcookp = 0;
195             goto again;
196     }

If res_nsend (169) fails because the update is refused
for that zone, then it (curiously) returns ISC_R_TIMEOUT
which becomes rcode.

Then the if-statement (172/173) jumps to line 180.

Then the if-statement on line 193 fails because the rcode is
not ISC_R_NOTZONE thus causing the update to incorrectly
NOT be tried again w/o the cached zone.

If you have explicit zone statements for all your zones in your
config file you probably avoid this problem because you won't have
speculative-but-incorrect zones cached.  See my message dated 10-Oct-2007
titled "DDNS update to wrong zone" for background.

John

More information about the dhcp-users mailing list