nsupdate returned REFUSED

James Hall-Kenney JHall at sytec.co.nz
Fri Feb 25 22:49:28 UTC 2000 

>Well "notify no;" should be in a zone section or the options
>section.
Yep, a typo in my eMail. It was in fact in the options section, not the
server section. So the question still remains, where do the "suppressing
duplicate notify" messages come from if notify is disabled.

I could not find any messages out of the ordinary in the masters logs other
than the above.  The resolver for the machine sending the updates was
pointing to another ns which could have retured an error but the code traps
the return code of the request with an opcode of "UPDATE" so I wouldn't have
expected this to occur.  Unfortunately I don't have access to the logs on
this server as the sysadmin had a horrible log rotation accident.

The updated script will go in on monday with the debug capture modification.
This should at least advise which server is giving the "REFUSE".

Cheers

J.

-----Original Message-----
From: Mark.Andrews at nominum.com [mailto:Mark.Andrews at nominum.com]
Sent: Thursday, 24 February 2000 12:41
To: James Hall-Kenney
Cc: bind-users at isc.org
Subject: Re: nsupdate returned REFUSED 



> All,
> 
> I have written a PERL script that reads ascii files dumped from an oracle
> database and uses nsupdate to populate the DNS based on the "read"
records.
> 
> The process ran well and correctly added over 30,000 records but for some
> reason 2 records received a "REFUSED" error from nsupdate.  I do have an
ACL
> restricting zone updates but these requests are all coming from the same
> host.  What is more, there are no "unapproved update" errors in the logs
of
> the master which I would have expected for a "REFUSED" error.

	"Unapproved update" is generated when client is not allowed to make
	any updates.  You can have a approved update but still have it
	REFUSED in later processing.  Yes it will be logged.

	Take all the logged output and remove what you know is not an error.
	What is left should tell you what the problem was.

> 
> One thing I did notice is that at same time as these updates occured, the
> following was logged on the master:
> > 22-Feb-2000 22:02:59.146 notify: info: suppressing duplicate notify
> ("zone.org.nz" IN SOA)
> 
> This, even though I have "notify	no" in the server section of the
> named.conf on the master.

	Well "notify no;" should be in a zone section or the options
	section.

	Mark
> 
> Unfortunately I did not log the nsupdate output as logging the output of
> 30,000 records would fill up the logs too quickly.  I am writing an
> enhancement to log the nsupdate output for failed records.
> 
> Adding the 2 failed records manually from nsupdate after the script worked
> fine.
> 
> Although 2 out of 30,000+ is not bad, I'd like to eliminate this
altogether.
> Anyone got any ideas what could cause this?  The master is a Sun
Enterprise
> 250 with truckloads (technical term) of disk and RAM and the machine
> performing the updates is an HP box of similar stature.
> 
> TIA
> 
> J.
> 
> James Hall-Kenney
> jhall at sytec.co.nz
> 
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list