Help! NOTZONE error with nsupdate

Mark_Andrews at isc.org
Mon Sep 10 12:39:13 UTC 2001


> 
> Hi,
> the client system (running nsupdate) is Bind 9.1.0 (Redhat 7.1) the

	The current BIND 9.1.x is BIND 9.1.3, I recommend upgrading.

> server is a Bind 8.2.2 P7 (updated RH 6.0)
> 
> --- The client outputs this in debug mode
> [root at stargate ppp]# /usr/bin/nsupdate -d -k
> /var/named/keys/Kkey.+157.+00000.private /etc/ppp/nsupd.cfg keycreate
> Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR,
> id:  27778 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
> ADDITIONAL: 0 ;; QUESTION SECTION:
> ;jbaccess.lan.beffort.lu.       IN      SOA
> 
> ;; AUTHORITY SECTION:
> lan.beffort.lu.         9208    IN      SOA     ns1.iip.lu.
> jmroth.iip.lu.
> 2001060718 28800 7200 604800 86400
> 
> 
> Found zone name: lan.beffort.lu
> The master is: ns1.iip.lu
> 
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id:  46657
> ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; TSIG
> PSEUDOSECTION:
> key.                 0       ANY     TSIG    HMAC-MD5.SIG-ALG.REG.INT.
> ***CENSORED*** NOERROR 0

	Well, there is no need to censor the signature.  TSIG is designed
	to limit exposure of replay attacks to minutes.  In other words,
	seeing the signature doesn't disclose the secret.

	NOTZONE indicates that the server believes that one of the updates
	didn't belong to the zone in question.  The contents of 
	/etc/ppp/nsupd.cfg would be interesting to see.

	Mark
> 
> 
> Freeing key
> Destroy DST lib
> Detach from entropy
> 
> --- The server tells me this:
> 
> 10-Sep-2001 11:15:04.531 error processing update packet (NOTZONE) id
> 46657 from [213.166.63.75].1028
> 
> Help!
> 
> :) jmr
> 
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
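
Added example, not part of the original message or of BIND: a simplified Python sketch of the TSIG property described in the reply above, where the MAC covers the signing time and a fudge window, so a captured signature stops verifying after a few minutes. It is not the full TSIG wire format; the secret, message bytes, 300-second fudge and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

FUDGE = 300                                   # assumed window, in seconds
SECRET = b"constructed-shared-secret"         # constructed; never sent on the wire
MSG = b"update add host.example. 60 A 192.0.2.1"  # constructed stand-in for the DNS message


def tsig_vars(time_signed, fudge):
    """Pack the 48-bit signing time and 16-bit fudge that the MAC covers."""
    return struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)


def sign(secret, message, time_signed, fudge=FUDGE):
    """HMAC-MD5 (the algorithm shown in the thread) over message + timers."""
    data = message + tsig_vars(time_signed, fudge)
    return hmac.new(secret, data, hashlib.md5).digest()


def verify(secret, message, time_signed, fudge, mac, now):
    """Return a TSIG-style result: NOERROR, BADSIG or BADTIME."""
    expected = sign(secret, message, time_signed, fudge)
    # Check the MAC first: only then can time_signed be trusted.
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    # An authentic but stale message falls outside the window.
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"


def demo(t0=1000125553):                      # constructed timestamp
    mac = sign(SECRET, MSG, t0)
    return {
        "fresh": verify(SECRET, MSG, t0, FUDGE, mac, now=t0 + 5),
        # Same bytes replayed ten minutes later.
        "replayed": verify(SECRET, MSG, t0, FUDGE, mac, now=t0 + 600),
        # Replay with the timestamp rewritten: the MAC no longer matches.
        "retimed": verify(SECRET, MSG, t0 + 600, FUDGE, mac, now=t0 + 600),
        "tampered": verify(SECRET, MSG + b"x", t0, FUDGE, mac, now=t0 + 5),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} {result}")
```
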

