BIND 8.2.3 "update failed" messages

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Mar 15 16:17:15 UTC 2001 

"David G. Humes" <david.humes at jhuapl.edu> wrote:

> I just set up a new BIND 8.2.3-REL slave and have been getting the
following
> messages in named.run if I turn on debugging:
>
> 12-Mar-2001 16:19:41.856 debug 1: update failed _tcp.xyz.edu 2
> 12-Mar-2001 16:19:44.090 debug 1: update failed _udp.xyz.edu 2
> 12-Mar-2001 16:19:47.554 debug 1: update failed ssd.xyz.edu 2
> 12-Mar-2001 16:19:56.972 debug 1: update failed aplsrv.xyz.edu 2
> 12-Mar-2001 16:20:10.732 debug 1: update failed _sites.xyz.edu 2
> 12-Mar-2001 16:21:56.974 debug 1: update failed _msdcs.xyz.edu 2
>
> The one thing in common with each of these zones is that they are
dynamic
> zones set up to support  updates from DHCP.  But then we have some other
> dynamic zones that are not logging errors.  All the zone files seem to
be up
> to date, but these messages are persistent.  Any ideas?

> The slave that's logging these errors is a nonproduction server, BIND
> 8.2.3-REL on Solaris 2.6.  It's just a test box, so none of our systems
> "should" have it listed as a server.  So I don't think the Win2K Domain
> Controllers should be hitting on it.  Also, since it's a slave, wouldn't you
> expect to see the "unapproved update" messages on the primary server rather
> than a slave?  It was my understanding that a slave just passes an update
> request to the primary without attempting to decide if the client is
> approved to make an update.

The Win2k code will lookup the SOA for the zone to be updated, and it
will extract the name of the master DNS from that SOA.  It will then
send DDNS packets to that master DNS.  In you example above, what is
in the SOA for the four "_" zones

     _msdcs.xyz.edu
     _sites.xyz.edu
     _tcp.xyz.edu
     _udp.xyz.edu

as the master DNS?  If W2k DHCP is sending DDNS update packets to a
slave server, then I consider this a bug.  I would like to see a
trace of the DNS traffic between the DHCP server and any DNS server it
is querying.

I have gotten one trace of DDNS activity between a Win2k DHCP server
and the master server for the zone.  The pre-req sections in the DDNS
packets don't match the pre-req sections sent by a Win2k self 
registration, but they do not have to match.  I find fault with both
sets of pre-req sections, but there is no major error with the pre-req
logic.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994

More information about the bind-users mailing list