Bind problems

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Sep 11 14:19:13 UTC 2003


Chefy Tim <chefytim at metasoft.net> wrote (in part):

>I have recently setup a RedHat 9 linux PDC with DHCP, DNS and Samba
>installed on it. 
>
>I really have never setup DNS on Linux before and appear to be having some
>problems.
>
>I have several Windows XP machines that have been successfully joined to the
>Linux "domain" and are connecting without any problems including a login
>script that maps to shares on the Linux box.
>
>The Windows clients can ping the server with the friendly name but not the
>fully qualified domain name. DHCP also seems to be working flawlessly.
>
>When a Windows machine boots up I get a couple of error messages in the
>system log of the Linux box like these.
>
>********************************************************************************
>
>Sep 10 19:24:41 server named[1581]: client 192.168.48.100#1036: updating
>zone 'thekitchen.com/IN': update failed: 'RRset exists (value dependent)'
>prerequisite not satisfied (NXRRSET)
>Sep 10 19:24:41 server named[1581]: client 192.168.48.100#1038: update
>'thekitchen.com/IN' denied
>
>********************************************************************************

I will not comment on your zone files; there already has been one
posting detailing your errors there.  But those config errors are not
related to the error message block you posted.  Read RFC 2136 (Dynamic
DNS).  The error messages are telling you that the machine at IP address

     192.168.48.100

sent a DDNS request to your BIND server to update the zone

     thekitchen.com

There was a pre-requisite condition in the DDNS packet that was not
satisfied, so BIND returned the error/return code

     NXRRSET

In a trace I took in the past (July 2000) of W2k DDNS activity, I found
this DDNS packet:

     Zone: example.com
     Pre-req #1: aaa.example.com is not a CNAME.     (true)
     Pre-req #2: aaa.example.com is not 192.168.2.2  (false)

     Return code: NXRRSET = 8 = Some RRset does not exist.

In this case, the packet was trying to register

     aaa.example.com  IN  A  192.168.2.2

when that entry already existed in DNS.  I believe that with BIND 9
the code will always check the pre-requisites in the DDNS update
before checking whether you have authorized DDNS for that zone from
that specific IP address.  So you will not see an

     update 'example.com/IN' denied

message if a pre-req fails.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list