nsupdate errors - where to get more info?

Kevin Darcy kcd at daimlerchrysler.com
Mon Sep 11 23:16:21 UTC 2000



It should be trying the server in the SOA.MNAME first, assuming that that
server is also listed in the NS records for the zone. Is this the case?

If not, then it tries all of the NS'es. But I've never known nsupdate to
fail after a certain number of NS'es. I have 5 NS'es for most of our
internal zones, and during testing -- when I've screwed something up :-( --
I've seen it go through and get REFUSED answers from all 5 NS'es. So I don't
think there is an arbitrary limit. Could it be a timing thing? Are some of
your NS'es slow to respond?

What exactly does the "-d" output show?

In any case, you should be directing your updates to the SOA.MNAME server,
for the most efficient updates.


- Kevin

Treptow, Craig wrote:

> What happens is that it gets the NS records and then tries them in =
> order.  If
> the master is the first record returned it works the first time.  If it =
> is
> second, it gets refused and then tries the next NS record, which works. =
>  If
> the master is third, it gets two refusals and then works.  If the =
> master is
> the fourth NS record returned, I get the send error after the third =
> refusal.
>
> Perhaps I'm totally missing something, but I don't see how can always =
> make
> sure the update is heading for the master server?  I need or want all =
> the
> secondaries listed in the NS records for the domain, right?
>
> -----Original Message-----
> From: peter at icke-reklam.ipsec.nu.invalid
> [mailto:peter at icke-reklam.ipsec.nu.invalid]
> Sent: Friday, September 08, 2000 5:39 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: nsupdate errors - where to get more info?
>
> Treptow, Craig <Treptow.Craig at principal.com> wrote:
>
> Well the update is supposed to be aimed at the master. Is that
> your problem that it isn't ?
>
> > Nothing gets in the logs.  What I've discovered is that the only =3D
> > message
> > coming directly from nsupdate is the "res_send: send error, =
> n=3D3D-1".  =3D
> > The others
> > are from an interveining program that I didn't know about earlier.
>
> > I've also discovered that the update will fail with the above error =
> =3D
> > message
> > whenever the master DNS is listed as the 4th NS record.  If it comes =
> =3D
> > back as
> > the first through third NS record the update works fine.  It will =3D
> > probably
> > also fail if the master is listed the 5-? NS record, but I don't have =
> =3D
> > that
> > many secondaries and haven't been able to test it.
>
> > -----Original Message-----
> > From: peter at icke-reklam.ipsec.nu.invalid
> > [mailto:peter at icke-reklam.ipsec.nu.invalid]
> > Sent: Friday, September 08, 2000 1:46 PM
> > To: comp-protocols-dns-bind at moderators.isc.org
> > Subject: Re: nsupdate errors - where to get more info?
>
> > Treptow, Craig <Treptow.Craig at principal.com> wrote:
>
> >> Hi.  We are running 8.2.2-p5 on AIX 4.3 and have a process in place =
> =3D
> > that
> > does
> >> dynamic updates.  Occasionally, in the logs we see any of these =3D
> > messages:
>
> > What is written in the logs of the DNS SERVER ? These seem to
> > be resolver messages.
>
> >> res_mkupdate error
> >> failed update packet
>
> >> unknown response: ans=3D3D3, auth=3D3D1, add=3D3D0, rcode=3D3D0
> >> failed update packet
>
> >> res_send: send error, n=3D3D-1
>
> >> unknown response: ans=3D3D1, auth=3D3D1, add=3D3D0, rcode=3D3D3
> >> failed update packet
>
> >> I would like to learn more about what these are trying to tell us.  =
> I =3D
> > can't
> >> seem to find much regarding the specifics to these errors.  I've =3D
> > looked in
> > the
> >> BIND book and in the archives of this list, but didn't find =
> anything. =3D
> >  Any
> >> pointers are greatly appreciated.
>
> >> Thanks!
>
> >> Craig Treptow
> >> Principal Financial Group
> >> I/S Network Administration
> >> (515) 247-6207
>
> > --=3D20
> > Peter H=3DE5kanson        =3D20
> >         IPSec  Sverige      (At the Riverside of Gothenburg, home of =
> =3D
> > Volvo)
> >            Sorry about my e-mail address, but i'm trying to keep spam =
> =3D
> > out.
> >          Remove "icke-reklam"and "invalid"  and it works.
>
> --=20
> Peter H=E5kanson        =20
>         IPSec  Sverige      (At the Riverside of Gothenburg, home of =
> Volvo)
>            Sorry about my e-mail address, but i'm trying to keep spam =
> out.
>            Remove "icke-reklam"and "invalid"  and it works.








More information about the bind-users mailing list