(no subject)

Michael Hale smiley at verio.net
Tue Sep 25 20:58:52 UTC 2001


  was wondering if you could help me with a problem that we're experiencing.

For some undetermined reason, one of our nameservers (BIND 8.2.3)
has started denying updates to some of our in-addrs from a server
that's allowed in one of our ACLs.  For example:

 From the config on b.ns.verio.net:

acl updaters {
         129.250.35.8;
         129.250.35.30;
};

One of the zones that's being denied:

zone "3.150.207.in-addr.arpa" IN {
         type master;
         file "zones/arpa/db.207.150.3";
         allow-updates {
                 updaters;
         };
};

The error message on b.ns.verio.net:

Sep 25 20:28:25 dfw-master2 named[25455]: denied update from 
[129.250.35.30].53265 for "3.150.207.in-addr.arpa"

Here's the config file for this zone:

$ORIGIN 3.150.207.in-addr.arpa.
@                       1D IN SOA       b.ns.verio.net. dns.verio.net. (
                                         2001050100      ; serial
                                         3H              ; refresh
                                         1H              ; retry
                                         1W              ; expiry
                                         1D )            ; minimum

                         1D IN NS        ace.gi.net.
                         1D IN NS        westie.mid.net.
                         1D IN NS        ns3.gi.net.
                         1D IN NS        b.ns.verio.net.

I can't think of any particular reason why the update from 129.250.35.30
would be denied, especially since that IP is in the ACL used in our
allow-updates section.  anybody have any ideas?  What am I missing
here?  Dynamic updates *are* working for some zones, which have
identical config file syntax.

--
Michael Hale                                    <smiley at verio.net>
Verio ISS engineer - DNS team           Verio, Inc.



More information about the bind-users mailing list