nsupdate's choice of interface

Mark.Andrews at nominum.com
Wed Dec 20 10:04:21 UTC 2000


	Nsupdate looks at the list of nameservers for the zone, then
	sends the update to them.  If one of the listed nameservers is
	also listed as the origin in the SOA, it is tried first; otherwise
	the nameservers are tried at random.

	Nsupdate does *not* bind the source address of the update packet.
	The source address is determined by the routing table and the
	kernel. (BIND 9's version allows you to specify the source address).

	What you should be doing is using TSIG to authenticate the update
	rather than using IP addresses.

	Mark

> 
> I've been running bind-8.2.2 for a while now to serve a small LAN of
> about 50 hosts. I'd like to use the new dhcp-3 with dns update support
> to take care of keeping the DNS database populated.
> 
> I tried using nsupdate to write a record to the database, just to see
> if it works, and it looks like it's using the *wrong interface* to
> communicate with named. According to the nsupdate man page, it uses
> resolv.conf to decide what interface to use, but the named error
> message in the log file suggests otherwise.
> 
> In named.conf, I have:
> 
> zone "domain.com" IN {
>        type master;
>        allow-update { 127.0.0.1; };
>        file "domain.com.zone";
> };
> 
> In resolv.conf, I have:
> 
> search domain.com. 
> nameserver 127.0.0.1
> 
> I issue the command "nslookup -d", then "update add host.domain.com. 1W
> CNAME anotherhost.anotherdomain.com." and a blank line, and a bunch of
> interesting stuff goes by, ending with a failure message. Inspecting
> /var/log/messages, I find the message:
> 
> unapproved update from [192.168.0.32].3327 for domain.com
> 
> This is my LAN interface address. Why is nsupdate sending the update on
> this interface and not through my loopback interface? Do the listen-on
> or allow-transfer options affect this? They both list the LAN interface
> first. Is there a way to tell nsupdate which interface to use? I see
> nothing for that in the man page.
> 
> Ken
> mailto:shiva at well.com
> http://www.sewingwitch.com/ken/
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
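
The TSIG approach recommended in the reply, shown as an added example that is not part of the original thread: the zone from the question with the address-based allow-update replaced by a key-based one, in BIND 9 named.conf syntax. The key name "dhcp-update", the algorithm choice, the secret placeholder and the key file path are assumptions.

```conf
// Shared secret held by named and by the update client (nsupdate, dhcpd).
// Generate the secret with BIND's own key tool (for example tsig-keygen)
// and keep this statement in a file that only the named user can read.
key "dhcp-update" {
        algorithm hmac-sha256;                  // assumed; must match the client
        secret "REPLACE_WITH_BASE64_SECRET";    // placeholder, not a real key
};

zone "domain.com" IN {
        type master;
        file "domain.com.zone";

        // Before (from the question): authorisation by source address.
        // The address named sees is whatever the kernel's routing picked
        // (192.168.0.32 in the logged failure), and it proves nothing
        // about who sent the packet.
        //   allow-update { 127.0.0.1; };

        // After: the update must carry a valid TSIG signature made with
        // the key above; the source interface no longer matters.
        allow-update { key "dhcp-update"; };

        // Narrower alternative (use instead of allow-update, not with it):
        // limit the key to names under the zone and to chosen record types.
        // The types listed here are illustrative.
        //   update-policy { grant dhcp-update subdomain domain.com. A TXT; };
};

// Client side: point nsupdate at a file holding the same key statement,
//   nsupdate -k /path/to/dhcp-update.key
// (path is a placeholder).
```

TSIG signatures include a timestamp, so the clocks on the client and the server need to agree closely or signed updates are rejected.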


