Help! NOTZONE error with nsupdate
J.M.Roth
lists at roth.lu
Mon Sep 10 13:01:58 UTC 2001
See my comments below...
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Mark_Andrews at isc.org
Sent: Monday, September 10, 2001 14:39
To: J.M.Roth
Cc: bind-users at isc.org
Subject: Re: Help! NOTZONE error with nsupdate
>> the client system (running nsupdate) is Bind 9.1.0 (Redhat 7.1) the
> The current BIND 9.1.x is BIND 9.1.3, I recommend upgrading.
Hmmm, they (RH) don't have RPMs for that yet.
I could compile it of course if you think that is necessary.
> server is a Bind 8.2.2 P7 (updated RH 6.0)
Now, it's a 8.2.3. No change.
>> --- The client outputs this in debug mode
>> [root at stargate ppp]# /usr/bin/nsupdate -d -k
>> /var/named/keys/Kkey.+157.+00000.private /etc/ppp/nsupd.cfg keycreate
>> Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR,
>> id: 27778 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
>> ADDITIONAL: 0 ;; QUESTION SECTION:
>> ;jbaccess.lan.beffort.lu. IN SOA
>>
>> ;; AUTHORITY SECTION:
>> lan.beffort.lu. 9208 IN SOA ns1.iip.lu.
>> jmroth.iip.lu.
>> 2001060718 28800 7200 604800 86400
>>
>>
>> Found zone name: lan.beffort.lu
>> The master is: ns1.iip.lu
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id: 46657
>> ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;;
TSIG
>> PSEUDOSECTION:
>> key. 0 ANY TSIG
HMAC-MD5.SIG-ALG.REG.INT.
>> ***CENSORED*** NOERROR 0
> Well there is no need to censor the signature. TSIG is designed
> to limit exposure of replay attacks to minutes. In otherwords
> seeing the signature doesn't disclose the secret.
Thanks for the insight :)
> NOTZONE indicates that the server believes that one of the
updates
> didn't belong to the zone in question. The contents of
> /etc/ppp/nsupd.cfg would be interesting to see.
Here we go:
update delete b.mx.beffort.lu. A
update add b.mx.beffort.lu. 1 A new.ip.add.ress
And named.conf contains:
zone "mx.beffort.lu" {
type master;
file "name2ip/beffort.mx.lu";
allow-update {
key key.;
};
};
Regards,
J.M.Roth
More information about the bind-users
mailing list