Help! NOTZONE error with nsupdate

J.M.Roth lists at roth.lu
Mon Sep 10 13:01:58 UTC 2001


See my comments below...

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Mark_Andrews at isc.org
Sent: Monday, September 10, 2001 14:39
To: J.M.Roth
Cc: bind-users at isc.org
Subject: Re: Help! NOTZONE error with nsupdate 


>> the client system (running nsupdate) is Bind 9.1.0 (Redhat 7.1) the
>	The current BIND 9.1.x is BIND 9.1.3, I recommend upgrading.
Hmmm, they (RH) don't have RPMs for that yet. 
I could compile it of course if you think that is necessary.

> server is a Bind 8.2.2 P7 (updated RH 6.0)
Now, it's an 8.2.3. No change.

>> --- The client outputs this in debug mode
>> [root at stargate ppp]# /usr/bin/nsupdate -d -k
>> /var/named/keys/Kkey.+157.+00000.private /etc/ppp/nsupd.cfg keycreate
>> Reply from SOA query:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  27778
>> ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;jbaccess.lan.beffort.lu.       IN      SOA
>> 
>> ;; AUTHORITY SECTION:
>> lan.beffort.lu.         9208    IN      SOA     ns1.iip.lu. jmroth.iip.lu. 2001060718 28800 7200 604800 86400
>> 
>> 
>> Found zone name: lan.beffort.lu
>> The master is: ns1.iip.lu
>> 
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id:  46657
>> ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
>> ;; TSIG PSEUDOSECTION:
>> key.                 0       ANY     TSIG    HMAC-MD5.SIG-ALG.REG.INT. ***CENSORED*** NOERROR 0
>	Well there is no need to censor the signature.  TSIG is designed
>	to limit exposure of replay attacks to minutes.  In other words
>	seeing the signature doesn't disclose the secret.

Thanks for the insight :)

>	NOTZONE indicates that the server believes that one of the updates
>	didn't belong to the zone in question.  The contents of
>	/etc/ppp/nsupd.cfg would be interesting to see.

Here we go:
update delete b.mx.beffort.lu. A
update add b.mx.beffort.lu. 1 A new.ip.add.ress

And named.conf contains:
zone "mx.beffort.lu" {
        type master;
        file "name2ip/beffort.mx.lu";
        allow-update {
                key key.;
        };
};

Regards,
J.M.Roth
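
Added example, not part of the original message and not BIND code: a pre-flight check that applies the rule described above (every name in an update must belong to the zone being updated) to an nsupdate command file. The function names are hypothetical; the zone names and command lines are the ones quoted in this message.

```python
# Added example (not from the original thread): pre-flight check of an nsupdate
# command file against the zone the UPDATE will be sent to.

def labels(name):
    """Lower-case a domain name and split it into labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_zone(name, zone):
    """True if name is the zone apex or below it. Compares whole labels, so
    'xmx.beffort.lu' is not inside 'mx.beffort.lu'. Simplification: child-zone
    delegations are ignored."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def out_of_zone(zone, lines):
    """Return (line_number, owner_name) for every 'update add|delete' or
    'prereq ...' command whose owner name is outside zone."""
    bad = []
    for no, line in enumerate(lines, 1):
        tok = line.split()
        if len(tok) < 3:
            continue
        verb, sub = tok[0].lower(), tok[1].lower()
        is_update = verb == "update" and sub in ("add", "delete")
        is_prereq = verb == "prereq" and sub in ("nxdomain", "yxdomain", "nxrrset", "yxrrset")
        if (is_update or is_prereq) and not in_zone(tok[2], zone):
            bad.append((no, tok[2]))
    return bad

# The two command lines quoted in the message (address placeholder as posted).
NSUPD_CFG = [
    "update delete b.mx.beffort.lu. A",
    "update add b.mx.beffort.lu. 1 A new.ip.add.ress",
]

if __name__ == "__main__":
    for zone in ("lan.beffort.lu", "mx.beffort.lu"):  # both names appear in the message
        hits = out_of_zone(zone, NSUPD_CFG)
        print(zone, "->", hits or "all owner names inside zone")
```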


