Consistent error message in named.log

Kevin Darcy kcd at daimlerchrysler.com
Thu Jun 28 23:11:52 UTC 2007


allow-update wasn't settable at the options or view level in BIND 9.2.0, 
so you'd need to look for it in the relevant zone definition.

- Kevin

Worsham, Michael wrote:
> I was given a trouble ticket to investigate it from where I am
> contracting. All I can see is several of the error messages (i.e.
> updating zone 'domain.net/IN':update failed: 'name in use' prerequisite
> not satisfied) in the named.log file. The IP address of 000.000.000.00
> in the original message is pointing back at several of the internal
> firewalls.
>
> This is what the named.conf options & logging portion looks like from
> the primary DNS server:
>
> options {
>         version "";
>         directory "/etc/named.data";
>         statistics-file "/var/named/named.stats";
>         pid-file "/var/run/named/named.pid";
>         notify explicit;
>         recursion yes;
>         zone-statistics yes;
>         minimal-responses yes;
>         coresize 50M;   //maximum core size set to 50 MegaBytes
>         cleaning-interval 60;
>         recursive-clients 1500;
>         max-cache-size 10240000;
>         transfer-format many-answers;
>         transfer-source aaa.bbb.ccc.ddd;
>         query-source address aaa.bbb.ccc.ddd port 53;
>         listen-on {
>                 aaa.bbb.ccc.ddd;
>         };
>         allow-recursion {
>                 recursion_hosts;
>         };
>         allow-transfer {
>                 transfer_hosts;
>         };
>         also-notify {
>                 aaa.bbb.ccc.ddd;
>         };
>         blackhole {
>                 none;
>         };
>         listen-on-v6 {
>                 none;
>         };
> };
>
> logging {
>         channel "named_logfile" {
>                 file "/var/adm/syslog/named.log";
>                 severity info;
>                 print-time yes;
>         };
>
>         category "default" {
>                 "named_logfile";
>         };
>
>         category "xfer-in" {
>                 "named_logfile";
>         };
>
>         category "xfer-out" {
>                 "named_logfile";
>         };
>
>         category "config" {
>                 "named_logfile";
>         };
>
>         category "lame-servers" {
>                 "null";
>         };
>
>         category "security" {
>                 "named_logfile";
>         };
>
> };
>
> -- Michael
>
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Kevin Darcy
> Sent: Thursday, June 28, 2007 6:03 PM
> To: bind-users at isc.org
> Subject: Re: Consistent error message in named.log
>
> Worsham, Michael wrote:
>   
>> Platform: HP-UX 11.00
>> BIND Version: 9.2.0 for HP-UX 11.0
>> We are encountering this message in our named.log file:
>>
>> Jun 26 09:52:30.174 client 000.000.000.000#1026: updating zone
>> 'domain.net/IN': update failed: 'name in use' prerequisite not
>>     
> satisfied
>   
>> (NXDOMAIN)
>> Jun 26 09:52:32.483 client 000.000.000.000#1026: updating zone
>> 'domain.net/IN': update failed: 'name in use' prerequisite not
>>     
> satisfied
>   
>> (NXDOMAIN)
>> Jun 26 09:52:37.482 client 000.000.000.000#1026: updating zone
>> 'domain.net/IN': update failed: 'name in use' prerequisite not
>>     
> satisfied
>   
>> (NXDOMAIN)
>>
>> NOTE: 000.000.000.00 and domain.net used due to security reasons.
>>
>> Anyone know what we need to do to correct it? We don't use DHCP
>>     
> anywhere
>   
>> in the business network.
>>
>>   
>>     
> Well, regardless of whether you use DHCP or not, do you have any 
> "allow-update" defined for the zone in question, and is the client 
> permitted to update? If so, then these messages are perfectly normal. 
> The client is attempting to make an update *conditional* on the 
> non-existence of a particular name, and since the name does in fact 
> exist, the update is not being performed. I believe in a later release 
> of BIND they changed the text of this informational message so that it 
> doesn't say "failed" any more -- that was too confusing for a lot of
> folks.
>
>  
>
>                         - Kevin
>
>
>
>
>
>   



More information about the bind-users mailing list