denied dynamic updates
Kevin Darcy
kcd at daimlerchrysler.com
Fri Aug 8 21:25:41 UTC 2003
Andrew Carson wrote:
> Hi,
> Problems getting a dns server to update dynamically.
> Some info:
>
> This entry for the particular zone
> allow-update { 192.168.96.100; };
>
> >From that computer:
> nsupdate -d
> > prereq nxdomain testname.domain.blah
> > updated add testname.domain.blah 86400 CNAME www.domain.blah
>
> The response is:
> Found zone name: domain.blah
> The master is: master.domain.blah
> before getaddrinfo()
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 36363
> ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>
> And the results in the log:
> Aug 7 16:34:25 192.168.96.100 named[21555]: client
> 192.168.96.100#33480: update 'domain.blah/IN' denied
>
> Is there something I'm missing? I've also tried allow-update {127.0.0.1}
> since I'm doing the update from the same machine, but no joy.
> Bind version is 9.2.1, OS is Deb linux.
1) This server is the *master* for the zone, right?
2) Try dot-terminating all names in your nsupdate commands. Some versions of
nsupdate silently append the default domain to all non-dot-terminated domain
names, and that could result in an update attempt to an update-restricted
zone...
- Kevin
More information about the bind-users
mailing list