dynamic update error "update denied"

Jim Reid jim at rfc1035.com
Wed Aug 15 15:35:54 UTC 2001


>>>>> "Tony" == Tony Shah <tony_shah at hotmail.com> writes:

    Tony> I've tried to use an ACL statement (with the IP address
    Tony> replaced by the name of the ACL in the example above).
    Tony> Along with the "update denied" error message, I get a
    Tony> message that says that allowing an update by IP address is
    Tony> insecure (even when I use the ACL).

The syntax is OK, so it looks like your server doesn't know about the
allowed IP address or else the update requests are coming from some
other IP address. Check your name server's logs.

    Tony> Is there anything that I'm missing? 

How about making the name server re-read its config file after you've
added the allow-update clause?

    Tony> Should I be using another option along with the "allow-update"?

Yes. Allowing updates based on the source IP address of the request is
dangerously insecure. Don't do it. Use TSIG for authenticating these
requests. And give serious thought to using BIND9's update-policy
clause for fine-grained control over what DDNS clients can dynamically
update. 
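
Added example, not part of the original message or the poster's configuration: a named.conf fragment showing the IP-based allow-update the reply warns against (commented out) beside a TSIG key with a BIND9 update-policy rule. The zone name, key name, host name, file path and address are constructed placeholders, and hmac-sha256 assumes a current BIND9 release.

```conf
// Shared TSIG key. The same name, algorithm and secret must be
// configured on the DDNS client. Key name and secret are placeholders;
// generate a real secret and keep this file unreadable to other users.
key "ddns-client.example.com." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";

    // Weak form: any host that can send a packet with this source
    // address may rewrite the whole zone.
    // allow-update { 192.0.2.10; };

    // TSIG form: only updates signed with the key are accepted, and
    // the rule limits that key to the A and AAAA records of one name.
    // allow-update and update-policy cannot both appear in one zone.
    update-policy {
        grant ddns-client.example.com. name host1.example.com. A AAAA;
    };
};
```

As the reply notes, the server has to re-read its configuration before the change takes effect, and its logs show which key or address a denied update arrived with.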

