Nsupdate questions

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 5 23:28:20 UTC 2000


Anthony Ryan Mattke wrote:

> I have a couple questions about nsupdate..
>
> 1. Do I have to be root on a machine to do an nsupdate?

No. You don't even have to be on the same machine.

>         - if I do, is there a way to authenticate instead?

You can crypto-sign your update requests with a TSIG key. See
http://www.nominum.com/resources/faqs/bind-faq.html#tsig2

> 2. When I run nsupdate -d and try to add the host test.iphere.com
> it fails.. here is the output..

nsupdate really tosses its cookies when it encounters an NS record that's an
alias. That totally screws up its "let's find out what server to send the
update to" algorithm. Your nameserver is giving out
"hal.bravegnuworld.com" as an NS for iphere.com, but that name is an alias
for "firbolg.bravegnuworld.com". You should be listing
"firbolg.bravegnuworld.com" in the NS records *directly*, not the alias.
What you're doing is illegal.

nsupdate could perhaps use some better diagnostics for this particular
error.

> I'm running this as root on the machine that is the primary DNS server for
> the domain. (iphere.com) It's a Red Hat box running bind 8.2.2-P3.

Upgrade to 8.2.2-p7 at least. Earlier versions of BIND 8 have security
vulnerabilities.


- Kevin
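
Added example, not part of the original message: a small check that flags NS records whose target is itself a CNAME alias, the misconfiguration described in the reply above. The record set is constructed from the names quoted in the post; `ns2.bravegnuworld.com`, the addresses, and the function names are assumptions made for illustration, and the parser only handles fully qualified, one-line records.

```python
# Added example: flag NS records whose target is a CNAME alias.
# RECORDS is a constructed sample built from the names quoted in the post.
RECORDS = """
iphere.com.                IN NS    hal.bravegnuworld.com.
iphere.com.                IN NS    ns2.bravegnuworld.com.   ; constructed name
hal.bravegnuworld.com.     IN CNAME firbolg.bravegnuworld.com.
firbolg.bravegnuworld.com. IN A     192.0.2.1                ; constructed address
ns2.bravegnuworld.com.     IN A     192.0.2.2                ; constructed address
"""

CLASSES = {"IN", "CH", "HS"}


def parse_records(text):
    """Yield (owner, rtype, rdata) from fully qualified, one-line records."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        # Skip an optional numeric TTL and class, in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        yield owner, rest[0].upper(), " ".join(rest[1:])


def ns_alias_violations(text):
    """Return (zone, ns_target, canonical_name) for each NS that names an alias."""
    records = list(parse_records(text))
    cnames = {o: rdata.lower() for o, rtype, rdata in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        target = rdata.lower()
        if rtype == "NS" and target in cnames:
            # Follow the alias chain (loop-safe) to the name that should be listed.
            seen = set()
            while target in cnames and target not in seen:
                seen.add(target)
                target = cnames[target]
            findings.append((owner, rdata.lower(), target))
    return findings


if __name__ == "__main__":
    for zone, alias, canonical in ns_alias_violations(RECORDS):
        print(f"{zone} NS {alias} is an alias; list {canonical} instead")
```
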



