dynamic update reverse zone?

Kevin Darcy kcd at chrysler.com
Fri Feb 15 01:33:05 UTC 2008


Alexandre Paradis wrote:
> Konigs Carl wrote:
>   
>> Verify write permission of "/etc/namedb/dynamic/revlan.bureau.own"
>> Try nsupdate on your reverse zone, does it work?
>>
>> -----Original Message-----
>> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
>> Behalf Of Alexandre Paradis
>> Sent: 13 February 2008 20:40
>> To: bind-users at isc.org
>> Subject: dynamic update reverse zone?
>>
>> Hi, I have some problems with my dynamic update between the DHCP and 
>> DNS.  I'm able to update my "normal" zone, but the reverse zone won't 
>> update.
>>
>> Here's my dhcpd.conf
>>
>>
>> # dhcpd.conf
>>
>> ddns-hostname = pick (option fqdn.hostname, option host-name, concat
>> ("dhcp-", binary-to-ascii (10, 8, "-", leased-address)));
>> option host-name = config-option server.ddns-hostname;
>>
>> option domain-name "bureau.own";
>> option domain-name-servers 69.69.68.1;
>> default-lease-time 600;
>> max-lease-time 7200;
>> authoritative;
>> #ping-check false;
>> #DDNS
>> ddns-updates on;
>> ddns-update-style interim;
>> ddns-domainname "bureau.own";
>> #ignore client-updates;
>> ddns-ttl 120;
>> ddns-rev-domainname "in-addr.arpa";
>> allow client-updates;
>>
>> subnet 69.69.68.0 netmask 255.255.255.0 {
>>      range 69.69.68.100 69.69.68.145;
>>      option routers 69.69.68.1;
>>      option broadcast-address 69.69.68.255;
>>      }
>>
>> key marjo {
>>      algorithm HMAC-MD5;
>>      secret <mykey>;
>>      }
>>
>> zone bureau.own. {
>>      primary 69.69.68.1;
>>      key marjo;
>>      }
>>
>> zone 68.69.69.in-addr-arpa. {
>>      primary 69.69.68.1;
>>      key marjo;
>>      }
>>
>>
>> This is my named.conf
>>
>>
>> key marjo {
>>       algorithm HMAC-MD5;
>>       secret "<mykey>";
>>       };
>>
>> #ACL pour les differentes interfaces
>> acl lan { 69.69.68.0/24; 127.0.0.1; };
>> # acl dmz { 1.2.3.4/24; };
>>
>> options {
>>         // Relative to the chroot directory, if any
>>         directory       "/etc/namedb";
>>         pid-file        "/var/run/named/pid";
>>         dump-file       "/var/dump/named_dump.db";
>>         statistics-file "/var/stats/named.stats";
>>         version         "haha oh wow!";
>>         recursion       yes;
>>         allow-recursion {69.69.68.0/24; 127.0.0.1; };
>>         listen-on       { 127.0.0.1; 69.69.68.1; };
>>         allow-query { lan; };
>>         forwarders {69.69.69.1; };
>>         };
>> controls {
>>         inet 127.0.0.1 port 953
>>         allow  { 127.0.0.1; 69.69.68.1; } keys { "marjo";};
>>         };
>>
>> view lan {
>>
>> zone "." {
>>       type hint;
>>       file "named.root";
>>       };
>>
>> match-clients {lan; };
>>
>> zone "bureau.own"{
>>       type master;
>>       notify no;
>>       file "/etc/namedb/dynamic/lan.bureau.own";
>>       //allow-transfer {127.0.0.1; };
>>       allow-update { key marjo; };
>>       };
>>
>> zone "68.69.69.in-addr.arpa" {
>>       type master;
>>       notify no;
>>       file "/etc/namedb/dynamic/revlan.bureau.own";
>>       //allow-transfer {127.0.0.1; };
>>       allow-update { key marjo; };
>>       };
>>
>> };
>>
>>
>> I tried with dhclient.conf on the client side with
>>
>> interface "xl0" {
>> send host-name "alexBSD";
>> }
>>
>> It changed nothing.
>>
>> Any idea?
>>
> No, it didn't work. I've checked my permissions, and they are OK now.
> Also, there is no .jnl file for my reverse zone.
>   
You say the nsupdate didn't work. Were you using the "marjo" TSIG key? 
What kind of failure did you get (NOTAUTH, REFUSED, BADKEY, something 
else)? You need to provide more detail on each troubleshooting step if 
you want a speedy resolution to this problem.

Also, is there anything in the log about problems with the reverse zone 
when you start or reload named?

- Kevin
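
Added example, not part of the original thread and not code from BIND or ISC DHCP: a Python check that cross-references the zones a dhcpd.conf declares with a key against the zones named.conf accepts updates for, run on constructed excerpts of the two files quoted above. It assumes dhcpd attaches a TSIG key only to updates for names that fall inside a zone it declares; all helper names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts: only the zone declarations quoted in the thread.
DHCPD_CONF = """
zone bureau.own. { primary 69.69.68.1; key marjo; }
zone 68.69.69.in-addr-arpa. { primary 69.69.68.1; key marjo; }
"""
NAMED_CONF = """
zone "." { type hint; file "named.root"; };
zone "bureau.own"{
      type master;
      allow-update { key marjo; };
      };
zone "68.69.69.in-addr.arpa" {
      type master;
      allow-update { key marjo; };
      };
"""

def norm(name):
    """Compare zone names without quotes, trailing dot or case."""
    return name.strip('"').rstrip(".").lower()

def dhcpd_zones(text):
    """Zones for which dhcpd.conf declares a primary and key."""
    return {norm(z) for z in re.findall(r"^\s*zone\s+(\S+)\s*\{", text, re.M)}

def named_update_zones(text):
    """Zones in named.conf whose body carries an allow-update clause."""
    text = re.sub(r"(//|#).*", "", text)  # drop line comments first
    pat = r'zone\s+"([^"]*)"\s*\{(.*?)(?=zone\s+"|\Z)'
    return {norm(z) for z, body in re.findall(pat, text, re.S) if "allow-update" in body}

def enclosing_zone(fqdn, zones):
    """Most specific zone equal to fqdn or a parent of it, else None."""
    labels = norm(fqdn).split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((z for z in candidates if z in zones), None)

def audit(dhcpd_text, named_text, names):
    """Return {name: (dhcpd zone, named zone)} for names where the two differ."""
    signed, updatable = dhcpd_zones(dhcpd_text), named_update_zones(named_text)
    pairs = {n: (enclosing_zone(n, signed), enclosing_zone(n, updatable)) for n in names}
    return {n: p for n, p in pairs.items() if p[0] != p[1]}

# Forward name and PTR name for one address from the quoted DHCP range.
ptr = ipaddress.ip_address("69.69.68.100").reverse_pointer
print(audit(DHCPD_CONF, NAMED_CONF, ["alexBSD.bureau.own", ptr]))
```

On these excerpts only the PTR name is reported: the quoted dhcpd.conf declares `68.69.69.in-addr-arpa.` while the quoted named.conf declares `68.69.69.in-addr.arpa`.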
