Strange error from nsupdate

Chris Buxton chris.p.buxton at
Mon Feb 14 19:18:21 UTC 2011

On Feb 14, 2011, at 6:31 AM, Chris Thompson wrote:

> We are running BIND 9.7.2-P3, and update our zones with nsupdate calls
> that look like this:
> nsupdate -v -k keys/update-key <[input] >/dev/null 2>[errors]
> This is run from a Solaris 10_x86 non-global "zone" (container).
> On a couple of occasions it has generated the error
> dns_dispatch_getudp (v4): permission denied
> This seems to strike at random, and goes away on retrying the same
> nsupdate call. What's really strange here is that nsupdate is being
> told to use TCP (the -v option), so why is it messing around with UDP?
> Has anyone else seen this?

I haven't seen it specifically, but:

- nsupdate might be sending a query (over UDP) to fill in missing info, such as the zone or server to update.

- Your Solaris container might be the problem. I've heard of problems running named in a container, typically performance problems but this type of behavior might explain a performance issue.

Chris Buxton
BlueCat Networks

More information about the bind-users mailing list