Newbie help - slave servers and dns updates

Wed Feb 1 01:33:32 UTC 2012

Hi all,

Please excuse my ignorance but after spending several weeks Googling for information that would have endangered several rain forests in paper form, I've decided to ask for some help.

I successfully setup two Bind9 servers in the usual master (DNS1), slave (DNS2) configuration to serve a local internal domain for around 60 users.  Updates etc are allowed via the use of the rndc.key file (identical copies on both servers).  I then added on DHCP to the servers which again works fine.  The final step was adding dynamic DNS updates via the DHCP servers, which also went well.

My problem is that if I turn off the master server (DNS1) to test fail over I can't update the DNS via DHCP.  I get errors like the following:

<date/time> client <DNS2_IP>#<Random looking number>: signer "rndc-key" denied
<date/time> client <DNS2_IP>#<same number as above>: update forwarding '<my dns zone>/IN' denied

I tried using nsupdate to manually add entries but I just get "REFUSED" errors.  As soon as I bring up the master server everything works fine again.

Is this a limitation of Bind and I've just not understood the docs or have I done something silly in a config file?  I've installed this on Ubuntu Server 10.04 and Debian 6 with the same results on both.

Any advice would be gratefully received,

Wayne

#######################
Scanned by MailMarshal
#######################

####################################################################################################################################################################################################################

Attention: 

The information contained in this message is confidential and intended for the addressee(s) only. If you have received this message in error or there are any problems, please notify the originator immediately.
The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. Christian Vision or any of its subsidiaries will not be liable for direct, special, indirect or consequential damages 
arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. Please note that we reserve the right to monitor and read any e-mails sent or received by the 
company under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000. Christian Vision is registered in England as a limited company 2842414 and as a charity 1031031  

####################################################################################################################################################################################################################
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120201/f0e659ba/attachment.html>