Problem scripting dynamic updates to "subdomain"

Rich Parkin RParkin at ldmi.com
Tue Jul 13 19:56:31 UTC 2004


Hello all!

I realize this is not a Perl mailing list, but my problem relates to
Net::DNS so I am hoping someone can help me.  I am wide open to
suggestions and instruction.  Changing to a different DNS server or
breaking the way the zone is currently constructed is not an option. 
Radically modifying my own script if necessary is.

Here is the situation:  In one of our domains (ldmi.net), we have a
number of records created one by one by a scripted dynamic update.  (I
didn't write the script).  The created records look like this:

sample.ldmi.net   86400   IN   MX 10   mail.ldmi.net.

Without going into details of why sample.ldmi.net has an MX record even
though it's not a true domain, suffice to say that many of our customers
on that platform have a similar record allowing mail to be sent to
jdoe at sample.ldmi.net for example.  There are literally hundreds of
them.

Now I have a need to add a new MX record to each of these "subdomains".
 I wrote a script to parse through the results of a zone transfer of
ldmi.net, pick out those names that have an MX record, and add or remove
an MX record accordingly.  The script works great, except that the
update fails with error "NOTAUTH" if I try it on sample.ldmi.net.  The
same subroutine that does the update successfully updates ldmi.net.

I'm guessing that the answer lies somewhere in the difference between
ldmi.net and its pseudo-subdomains like sample.ldmi.net and how
Net::DNS constructs the request.  I don't understand the "NOTAUTH"
response, as the server clearly allows dynamic updates for this zone
from this host.  I've tried this on two different BIND 9 servers and
gotten the same result.

I can manually add the MX record I want with the nsupdate tool no
problem, but nsupdate is interactive and doesn't have a single
command-line option.  Therefore it is not readily scriptable and I'm
hoping not to have to learn Expect just for this project.

Both scripts (mine and the vendor's) use Net::DNS, except theirs works
and mine doesn't and I can't figure out why.  The same basic functions
are carried out in both.  I am not at liberty to post the vendor's
script, but here is the portion of my script that performs an update
add:

sub dyn_addmxrr 
{
    # Sub to add specified MX record
    # Read variables
    my $zone = $_[0];
    my $mxname = $_[1];
    my $mxpri = $_[2];
    my $server = $_[3];
    
    # Create the update packet
    my $update = Net::DNS::Update->new($zone);
    
    # Set prerequisite
    $update->push(pre => nxrrset("$zone MX $mxpri $mxname"));
    
    # Add record to packet
    $update->push(update => rr_add("$zone MX $mxpri $mxname"));
    
    # Send update
    my $res = Net::DNS::Resolver->new;
    $res->nameservers("$server");
    my $reply = $res->send($update);
    
    # Did it work?
    if ($reply)
    {
        if ($reply->header->rcode ne 'NOERROR')
        {
            print "Update for $zone failed: ", $reply->header->rcode, "\n";
        }
    }
    else
    {
        print "Update for $zone failed: ", $res->errorstring, "\n";
    }
    return 1;
}

One other thing I need to mention is that the vendor is setting the
following options and I am not:

dnssrch(0) #don't use search list
defnames(0) #don't append default to domain names

I suppose I could, but I don't see why they would make a difference
when the variables in Net::DNS are holding the correct values.  (and in
fact, they don't make a difference when I put them in)

Any clue what I might be missing?
Thanks!

Richard Parkin
System Administrator
CCNA
Data Center Operations
LDMI Telecommunications
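
Added example, not part of the original post or the vendor's script: in an RFC 2136 UPDATE the Zone section must name a zone the server is authoritative for, otherwise the server answers NOTAUTH, while the record's owner name travels separately in the update section. The sketch below keeps the two apart when building the packet with Net::DNS; the sub names, the yxrrset prerequisite and the exchanger mail2.ldmi.net. are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::DNS;

# Build an RFC 2136 UPDATE that adds one MX record.
#   $zone  : zone the server is authoritative for (Zone section)
#   $owner : owner name of the record, any name inside that zone
sub build_mx_add {
    my ($zone, $owner, $pri, $exchange, $ttl) = @_;

    # Refuse owner names that are not at or below the zone apex.
    my ($z, $o) = map { my $n = lc; $n =~ s/\.$//; $n } ($zone, $owner);
    die "$owner is not inside $zone\n"
        unless $o eq $z || $o =~ /\.\Q$z\E$/;

    my $update = Net::DNS::Update->new($zone, 'IN');
    # Assumed prerequisite: the owner already has an MX RRset.
    $update->push(prerequisite => yxrrset("$owner MX"));
    $update->push(update => rr_add("$owner $ttl MX $pri $exchange"));
    return $update;
}

# Send the packet to one server and return the response code as text.
sub send_update {
    my ($update, $server) = @_;
    my $res = Net::DNS::Resolver->new(nameservers => [$server], recurse => 0);
    my $reply = $res->send($update)
        or return 'no reply: ' . $res->errorstring;
    return $reply->header->rcode;    # NOERROR, NOTAUTH, NXRRSET, ...
}

# Constructed sample values; mail2.ldmi.net. is a made-up exchanger.
my $update = build_mx_add('ldmi.net', 'sample.ldmi.net', 20,
                          'mail2.ldmi.net.', 86400);

# Dump the packet: the ZONE section names ldmi.net, the UPDATE
# section names sample.ldmi.net.
print $update->string;

# Pass a server address as the first argument to actually send it.
print 'rcode: ', send_update($update, $ARGV[0]), "\n" if @ARGV;
```

Run without arguments it only prints the packet, so the Zone and update sections can be inspected before anything is sent to a server.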

