Dynamic Update Policy.....
Mark Andrews
marka at isc.org
Sun Mar 31 04:50:34 UTC 2013
In message <8741727B99C1AE4488FA3A4CD77D7B6E06A6CAA2 at MX-DS0-HQ.minervanetworks.com>, Gary Greene writes:
> I'm trying to get bind to use ddns updates for our environment, however
> I'm getting errors in the logs on the system that the host is being
> denied from making the changes.
>
> Currently, I'm only allowing certain hosts to update their records, as a
> test.
>
> The stanza for update-policy follows:
>
> zone "minervanetworks.com" {
>     type master;
>     notify yes;
>     update-policy {
>         grant ggreene-imac$@MINERVANETWORKS.COM ms-self * A;
>         grant cvallejo-w7-lt$@MINERVANETWORKS.COM ms-self * A;
>         grant cvallejo-test-w7-lt$@MINERVANETWORKS.COM ms-self * A;
>     };
>     file "/etc/named.d/minervanetworks.zone";
>     check-names ignore;
> };
>
> The error I see in the logs:
> Mar 28 15:57:29 ns1 named[11482]: client 10.5.1.11#52418: view internal:
> update 'minervanetworks.com/IN' denied
>
> The reverse zones work, as they are set up to allow dhcpd to make the
> changes (and they work correctly), however the forward zone does not.
>
> Any insight would be great. Thanks.
>
> --
> Gary L. Greene, Jr.
> Sr. Systems Administrator
> IT Operations
> Minerva Networks, Inc.
> Cell: (650) 704-6633
My bet is that the machines are trying to add AAAA records.
Allow both AAAA and A records and the updates should succeed.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
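
An added example, not part of the original thread: a small lint for the gap suggested in the reply above, flagging update-policy grants that list only one of the A/AAAA address types. The function name `address_type_gaps` is hypothetical, and the parser assumes every rule has the four-field form `grant identity ruletype name types;` shown in the question.

```python
import re

# One update-policy rule: (grant|deny) identity ruletype name [types...];
RULE = re.compile(r"^\s*(grant|deny)\s+(\S+)\s+(\S+)\s+(\S+)([^;]*);", re.M)

# The update-policy rules as posted in the question.
PAGE_POLICY = r"""
update-policy {
    grant ggreene-imac$@MINERVANETWORKS.COM ms-self * A;
    grant cvallejo-w7-lt$@MINERVANETWORKS.COM ms-self * A;
    grant cvallejo-test-w7-lt$@MINERVANETWORKS.COM ms-self * A;
};
"""

# Constructed variant: the same rules with AAAA added, as the reply suggests.
FIXED_POLICY = PAGE_POLICY.replace("* A;", "* A AAAA;")


def address_type_gaps(conf):
    """Return (identity, missing_type) for grants that allow only A or only AAAA."""
    gaps = []
    for action, identity, _ruletype, _name, types in RULE.findall(conf):
        if action != "grant":
            continue  # deny rules do not open anything up
        allowed = {t.upper() for t in types.split()}
        # No type list, or ANY, already covers both address types.
        if not allowed or "ANY" in allowed:
            continue
        if "A" in allowed and "AAAA" not in allowed:
            gaps.append((identity, "AAAA"))
        elif "AAAA" in allowed and "A" not in allowed:
            gaps.append((identity, "A"))
    return gaps


if __name__ == "__main__":
    for identity, missing in address_type_gaps(PAGE_POLICY):
        print(f"{identity}: grant does not cover {missing} updates")
```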