nsupdate to clear MX records REFUSED when current mx rec is invalid

David Jonas djonas at vitalwerks.com
Mon Jul 30 21:32:43 UTC 2007


I recently upgraded from Bind 9.2 to 9.4.1-P1 and am now having some
trouble with nsupdate. Clearing the MX records via nsupdate when the mx
record host doesn't exist returns REFUSED. Here is an example:

# cat /var/named/example.com
$TTL 86400      ; 1 day
example.com   IN SOA  ns2.example.com.com. hostmaster.example.com.com. (
                                2007073000 ; serial
                                10800      ; refresh (3 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                1800       ; minimum (30 minutes)
                        NS      ns1.example.com.
                        NS      ns2.example.com.
                        NS      ns3.example.com.
                        NS      ns4.example.com.
                        NS      ns5.example.com.
$TTL 60 ; 1 minute
                        MX      5 mail.example.com.
$ORIGIN example.com.
www                     A

// I changed the prompt below to avoid reply conflict:

$ nsupdate -y...

] server
] update add test.example.com. 1800 A
] send

// Update add seems to work fine.

] nsupdate delete example.com MX
] send
update failed: REFUSED

// When trying to delete the unresolvable MX record, bind refuses.

] quit
mem.c:866: INSIST((((ctx->pools).head == ((void *)0)) ? isc_boolean_true
: isc_boolean_false)) failed.

// Probably unrelated, but I get that INSIST failure on exit.

In the named.conf options section I specify:

  options {
    check-names response warn;
    check-mx  ignore;

Is there something else I need to specify to be able to clear the MX
records via nsupdate?

Thanks for your help,



Bind 9.4.1-P1, RHEL4, From source:
 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
   --mandir=/usr/share/man -with-openssl=/usr/include/openssl
   --with-libtool --disable-ipv6 --enable-threads CFLAGS=-O3
   -funroll-loops -fomit-frame-pointer

More information about the bind-users mailing list