Help - dynamic updates suddenly failing...
Cricket Liu
cricket at nxdomain.com
Tue Sep 25 21:07:16 UTC 2001
> I was wondering if you could help me with a problem that we're
> experiencing.
>
> For some undetermined reason, one of our nameservers (BIND 8.2.3)
> has started denying updates to some of our in-addrs from a server
> that's allowed in one of our ACLs. For example:
>
> From the config on b.ns.verio.net:
>
> acl updaters {
> 129.250.35.8;
> 129.250.35.30;
> };
>
> One of the zones that's being denied:
>
> zone "3.150.207.in-addr.arpa" IN {
> type master;
> file "zones/arpa/db.207.150.3";
> allow-updates {
> updaters;
> };
> };
>
> The error message on b.ns.verio.net:
>
> Sep 25 20:28:25 dfw-master2 named[25455]: denied update from
> [129.250.35.30].53265 for "3.150.207.in-addr.arpa"
>
> Here's the config file for this zone:
>
> $ORIGIN 3.150.207.in-addr.arpa.
> @ 1D IN SOA b.ns.verio.net. dns.verio.net. (
> 2001050100 ; serial
> 3H ; refresh
> 1H ; retry
> 1W ; expiry
> 1D ) ; minimum
>
> 1D IN NS ace.gi.net.
> 1D IN NS westie.mid.net.
> 1D IN NS ns3.gi.net.
> 1D IN NS b.ns.verio.net.
>
> I can't think of any particular reason why the update from 129.250.35.30
> would be denied, especially since that IP is in the ACL used in our
> allow-updates section. Anybody have any ideas? What am I missing
> here? Dynamic updates *are* working for some zones, which have
> identical config file syntax.
Have you put a Sniffer on the wire to see what the actual update looks like?
Is there any chance that the update has a prerequisite that isn't being met?
Or that the update is trying to do something illegal, like add a record to an
owner name that already has a CNAME record?
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
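
Added example, not part of the original message: a small decoder for an RFC 2136 UPDATE message taken from a packet capture, listing the zone, the prerequisites and the update RRs so they can be compared with the zone data. The sample packet, the owner name 10.3.150.207.in-addr.arpa. and the PTR target host.example. are constructed for illustration.

```python
import struct

def read_name(msg, off):  # returns (name, offset just past the name)
    labels, end = [], None
    for _ in range(256):                          # bounds compression-pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if n == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    raise ValueError("name too long or pointer loop")

def read_rr(msg, off):  # returns ((name, type, class, rdata), next offset)
    name, off = read_name(msg, off)
    rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    return (name, rtype, rclass, msg[off + 10:off + 10 + rdlen]), off + 10 + rdlen

def prereq_meaning(rtype, rclass):  # RFC 2136 section 2.4
    if rclass == 255:   # class ANY
        return "name is in use" if rtype == 255 else "RRset exists (value independent)"
    if rclass == 254:   # class NONE
        return "name is not in use" if rtype == 255 else "RRset does not exist"
    return "RRset exists (value dependent)"

def parse_update(msg):
    _id, flags, zo, pr, up, _ad = struct.unpack_from("!HHHHHH", msg, 0)
    if (flags >> 11) & 0xF != 5 or zo != 1:
        raise ValueError("not a DNS UPDATE with exactly one zone")
    zone, off = read_name(msg, 12)
    off += 4                                      # skip ZTYPE and ZCLASS
    out = {"zone": zone, "prereqs": [], "updates": []}
    for _ in range(pr):
        (name, t, c, _rd), off = read_rr(msg, off)
        out["prereqs"].append((name, prereq_meaning(t, c)))
    for _ in range(up):
        rr, off = read_rr(msg, off)
        out["updates"].append(rr)
    return out

# Constructed sample (not a capture from the thread): add a PTR if the name is not in use.
def enc(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.rstrip(".").split(".")) + b"\0"
ZONE, OWNER, TARGET = "3.150.207.in-addr.arpa.", "10.3.150.207.in-addr.arpa.", enc("host.example.")
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 5 << 11, 1, 1, 1, 0) + enc(ZONE) + struct.pack("!HH", 6, 1)
          + enc(OWNER) + struct.pack("!HHIH", 255, 254, 0, 0)
          + enc(OWNER) + struct.pack("!HHIH", 12, 1, 86400, len(TARGET)) + TARGET)
```

Feed `parse_update` the UDP or TCP payload of the captured update (minus the two-byte length prefix for TCP) and check each listed prerequisite and update owner name against the zone contents.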