NOTAUTH on dynamic zone update
Mark Andrews
Mark_Andrews at isc.org
Tue Feb 17 20:54:30 UTC 2009
In message <gnalak$f16$1 at news.motzarella.org>, Benedikt Gollatz writes:
> Hello everyone,
>
> I use nsupdate to dynamically update a reverse lookup zone hosted by my
> BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys,
> added an appropriate "key" section to my configuration, added the updating
> host to the "controls" section, and added an "allow-update" parameter to the
> zone configuration like this:
>
> zone "[...]" in {
> type master;
> [...]
> allow-update { key "key-name"; };
> };
>
> I pass the key to nsupdate using one (either) of the keyfiles generated by
> dnssec-keygen with the -k parameter.
>
> Unfortunately this doesn't work. When running nsupdate, I get a "failed: not
> authoritative for update zone (NOTAUTH)" error in my server log file, and no
> updating is done.
The zone section in the update message does NOT match a
master/slave zone configured in the view that the update
message matched.
Mark
> I'm confused about the error message because both the BIND configuration file
> and the SOA record of the zone state that the server indeed is authoritative
> for the update zone.
>
> Also, this configuration works fine with a dhcpd updating a different zone
> hosted by the same server.
>
> Googling yields a few people with similar problems but no real solution. Any
> hints on what I might be doing wrong are appreciated.
>
> Benedikt
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list