denied dynamic updates
Andrew Carson
andrewc at REMOVE.perth.wni.com
Tue Aug 12 00:21:57 UTC 2003
Kevin Darcy wrote:
> Andrew Carson wrote:
>
>
>>Hi,
>>Problems getting a dns server to update dynamically.
>>Some info:
>>
>>This entry for the particular zone
>>allow-update { 192.168.96.100; };
>>
>>>From that computer:
>>nsupdate -d
>> > prereq nxdomain testname.domain.blah
>> > updated add testname.domain.blah 86400 CNAME www.domain.blah
>>
>>The response is:
>>Found zone name: domain.blah
>>The master is: master.domain.blah
>>before getaddrinfo()
>>
>>Reply from update query:
>>;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 36363
>>;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>>
>>And the results in the log:
>>Aug 7 16:34:25 192.168.96.100 named[21555]: client
>>192.168.96.100#33480: update 'domain.blah/IN' denied
>>
>>Is there something I'm missing? I've also tried allow-update {127.0.0.1}
>>since I'm doing the update from the same machine, but no joy.
>>Bind version is 9.2.1, OS is Deb linux.
>
>
> 1) This server is the *master* for the zone, right?
>
> 2) Try dot-terminating all names in your nsupdate commands. Some versions of
> nsupdate silently append the default domain to all non-dot-terminated domain
> names, and that could result in an update attempt to an update-restricted
> zone...
>
>
> - Kevin
>
>
Thanks Kevin. I gave that a go, but still no joy. I ended up
recompiling to see if that would do the trick.. and hey presto. At
least now I have the latest version, I guess.
Cheers,
Andrew Carson.
More information about the bind-users
mailing list