bind newbie - NSUPDATE

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 16 03:59:10 UTC 2000


The immediate problem is that atoi.iphere.com is returning NOTAUTH ("Not
Authorized") to your Dynamic Update -- see the bottom part of the output.
Looking a little deeper, all of the responses you're getting from 192.168.0.1
are non-authoritative, even though that server is supposed to be configured as
master for the zone. It would appear, then, that the zone is not loading
properly, probably because of a syntax error in the zone file. Because the
server doesn't consider itself authoritative for the zone, it won't accept any
Dynamic Updates for it. Look in the log file to see why the zone isn't loading
properly.


- Kevin

Anthony Ryan Mattke wrote:

> Ok, I tried the -d option.. cant really tell what i'm seeing here..
> but it didnt seem to work, any suggestions ?
>
> atoi:/etc/named# nsupdate -d
> > update add test.iphere.com. 333 in a 192.168.0.99
> >
> ;; res_findzonecut: START dname='test.iphere.com.' class=IN, zsize=1025,
> naddrs=3
> ;; res_findzonecut: get the soa, and see if it has enough glue
> ;; res_nmkquery(QUERY, test.iphere.com., IN, SOA)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28503
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      test.iphere.com, type = SOA, class = IN
>
> ;; Querying server (# 1) address = 192.168.0.1
> server rejected query:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28503
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      test.iphere.com, type = SOA, class = IN
>
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28503
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      test.iphere.com, type = SOA, class = IN
>
> ;; res_nmkquery(QUERY, iphere.com., IN, SOA)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28504
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      iphere.com, type = SOA, class = IN
>
> ;; Querying server (# 1) address = 192.168.0.1
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28504
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      iphere.com, type = SOA, class = IN
>
> ;; ANSWER SECTION:
> iphere.com.             6H IN SOA       atoi.iphere.com. root.iphere.com.
> (
>                                         111002          ; serial
>                                         6H              ; refresh
>                                         5M              ; retry
>                                         4w2d            ; expiry
>                                         6H )            ; minimum
>
> ;; res_findzonecut: get the ns rrset and see if it has enough glue
> ;; res_nmkquery(QUERY, iphere.com, IN, NS)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28505
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      iphere.com, type = NS, class = IN
>
> ;; Querying server (# 1) address = 192.168.0.1
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28505
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUERY SECTION:
> ;;      iphere.com, type = NS, class = IN
>
> ;; ANSWER SECTION:
> iphere.com.             6H IN NS        atoi.iphere.com.
>
> ;; ADDITIONAL SECTION:
> atoi.iphere.com.        6H IN A         192.168.0.1
>
> ;; res_findzonecut: get the missing glue and see if it's finally enough
> ;; res_findzonecut: add_addrs: 1
> ;; res_findzonecut: satisfy(atoi.iphere.com): 1
> ;; res_findzonecut: FINISH n=1 (OK)
> ;; res_nupdate: res_mkupdate -> 49
> ;; res_send()
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 28506
> ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 1, ADDITIONAL: 0
> ;;      iphere.com, type = SOA, class = IN
> test.iphere.com.        5m33s IN A      192.168.0.99
> ;; Querying server (# 1) address = 192.168.0.1
> ;; got answer:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 28506
> ;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 0
>
> >
> >
> atoi:/etc/named# ping test.iphere.com
> ping: unknown host test.iphere.com
> atoi:/etc/named#
>
>  __
> ~/ony
>
> #include".sig"
>
> Anthony Ryan Mattke
> - Imagestream Internet Solutions
> - http://www.imagestream-is.com/
> - tony at imagestream-is.com
> - 1.800.813.5123
>
> On Wed, 15 Nov 2000, Kevin Darcy wrote:
>
> >
> > Anthony Ryan Mattke wrote:
> >
> > > First off, I'm rather new to Bind, running named 8.2.2-P5.
> > >
> > > I'm curious about dynamic DNS and nsupdate.. I bought O'Reilly's DNS &
> > > Bind book and looked through the breif section on nsupdate.
> > >
> > > So I setup my zone in named.conf
> > >
> > > zone "iphere.com" {
> > >         type master;
> > >         file "db.iphere";
> > >         allow-update { 192.168.0.1; 127.0.0.1; };
> > > };
> > >
> > > and did an ndc reload...
> > >
> > > from what i saw in the book, it appeared that this would work.
> > >
> > > atoi:~# nsupdate
> > > > update add test.iphere.com. 333 in a 192.168.0.99
> > > >
> > > >
> > > atoi:~#
> > >
> > > in db.iphere thre is no CNAME or A entry for 'test'
> > > but when i try to resolve that name, it fails to find it.
> > >
> > > What am I missing here ?
> >
> > Use the "-d" option. That will at least tell you (verbosely) whether you
> > sent the update to the server you expected to, and what the response code
> > was.
>






More information about the bind-users mailing list