Dynamic ip nsupdate

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 8 20:15:33 UTC 2002


Raul Sanchez Sanchez wrote:

> Hi:
>
> I'm trying to have a dynamic zone with my bind and I'm having problems.
>
> I have installed bind 8.3.3 from apt in a woody and when I try to update
> with nsupdate I have this message:
>
> # /usr/bin/nsupdate -v -k /etc/Kgnudip-key.+157+00000.private
> > update add prueba.ade.com. 60  A 192.168.2.1
> >
> dns_request_createvia: address family not supported
>
> I suppose that this would create an entry in my DNS for prueba.ade.com
> with the IP 192.168.2.1, wouldn't it?
>
> I don't know where the problem is; can anybody help me?
>
> Thank you very much
>
> Here is my configuration:
>
> named.conf
> ----------------
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind/README.Debian for information on the
> // structure of BIND configuration files in Debian for BIND versions 8.2.1
> // and later, *BEFORE* you customize this configuration file.
> //
>
> options {
>         directory "/var/cache/bind";
>
>         // If there is a firewall between you and nameservers you want
>         // to talk to, you might need to uncomment the query-source
>         // directive below.  Previous versions of BIND always asked
>         // questions using port 53, but BIND 8.1 and later use an unprivileged
>         // port by default.
>
>         // query-source address * port 53;
>
>         // If your ISP provided one or more IP addresses for stable
>         // nameservers, you probably want to use them as forwarders.
>         // Uncomment the following block, and insert the addresses replacing
>         // the all-0's placeholder.
>
>         // forwarders {
>         //      0.0.0.0;
>         // };
> };
>
> // reduce log verbosity on issues outside our control
> logging {
>         category lame-servers { null; };
>         category cname { null; };
> };
>
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
> };
>
> // add entries for other zones below here
>
> zone "ade.com" {
>         type master;
>         file "/etc/bind/db.ade";
>         allow-update { localhost; };
> };
>
> zone "236.98.35.10.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.236.98.35.10";
> };
>
> // include definition of GnuDIP update key
> include "/etc/bind/gnudip-keyfile";
>
> // define GnuDIP dynamic DNS zone
> zone "dyn.you.net" in {
>   type master;
>   file "/etc/bind/run/zone-dyn.you.net";
>   allow-query { any; };
>   allow-update { key gnudip-key; };
> };
>
> -------------------------------------------------------------
> ------------------------------------------------------------
> db.ade.com
> ------------------------------------------------------------
> ;
> ; BIND data file for yourdomain.com
> ;
> @       IN      SOA     ade.com. root.ade.com. (
>                               1         ; Serial
>                          604800         ; Refresh
>                           86400         ; Retry
>                         2419200         ; Expire
>                          604800 )       ; Default TTL
>
>         IN      NS      dns.ade.com.
>         IN      MX      10      correo.ade.com.
>
> filemon   IN    A       10.35.98.236
> correo    IN    CNAME   filemon
> bugzilla  IN    CNAME   filemon
> dns       IN    CNAME   filemon
> -------------------------------------------------------------------
> -------------------------------------------------------------------
> gnudip-keyfile
> ----------------------------------------
> key gnudip-key {
>   algorithm hmac-md5;
>   // the TSIG key generated by nsupdate
>   secret "raulYq7bsvUwm+rSvdJj5w==";
> };
> ----------------------------------------------------------------------
> --------------------------------------------------------------------
>  zone-dyn.you.net
> -------------------------------------------------------
> $TTL 86400 ; default TTL (1 day)
> @          IN SOA   ns.you.net. root.you.net. (
>                       0       ; serial
>                       3600    ; refresh (1 hour)
>                       1800    ; retry (30 minutes)
>                       604800  ; expire (1 week)
>                       0       ; TTL for NACK-s (0 seconds)
>                     )
>            IN NS    ns.you.net.
>            IN CNAME prueba.ade.com.

Well, "address family not supported" is an operating-system level error, so
I'd blame your OS configuration.

However, I also notice some other problems:

a) The zone you're trying to update is ade.com, and it's only updateable by
"localhost". That's probably not what you want. Don't you want to allow it
to be updateable with the "gnudip-key." TSIG key?

b) You need to be careful about the spelling of key names, especially with
regard to punctuation. "gnudip-key." is not the same as "gnudip-key".

c) You should have at least 2 nameservers for every zone.

d) The NS record for ade.com is a CNAME. This is illegal. It must be an A
record.

e) Same for the target of the MX record. It's not legal for that to be a
CNAME.


- Kevin
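
The check behind points d) and e), as an added example that is not part of the reply above or of BIND itself: a minimal Python lint that flags NS and MX records whose target is the owner of a CNAME. The embedded zone is a constructed copy of the quoted db.ade.com records with the SOA collapsed onto one line, and the function names are hypothetical.

```python
# Constructed sample: the records from the db.ade.com file quoted in the post,
# with the multi-line SOA written on one line (this parser does not join lines).
ZONE = """\
@         IN  SOA    ade.com. root.ade.com. ( 1 604800 86400 2419200 604800 )
          IN  NS     dns.ade.com.
          IN  MX     10 correo.ade.com.
filemon   IN  A      10.35.98.236
correo    IN  CNAME  filemon
bugzilla  IN  CNAME  filemon
dns       IN  CNAME  filemon
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone_text, origin):
    """Minimal parser: one record per line, class IN, optional TTL, ';' comments."""
    records, owner = [], origin
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():          # a blank owner field inherits the previous owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                  # skip TTL and class
        records.append((owner, fields[0].upper(), fields[1:]))
    return records

def alias_targets(zone_text, origin):
    """Return (owner, type, target) for NS/MX records whose target is a CNAME owner."""
    records = parse(zone_text, origin)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin)   # the host name is the last RDATA field
            if target in aliases:
                findings.append((owner, rtype, target))
    return findings

if __name__ == "__main__":
    for owner, rtype, target in alias_targets(ZONE, "ade.com."):
        print(f"{owner} {rtype} -> {target} is a CNAME; point it at a name with an A record")
```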




