<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thank you, -d surfaced the issue - now to decide what to do about it...</div>
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> bind-users <bind-users-bounces@lists.isc.org> on behalf of Kevin Darcy <kevin.darcy@fcagroup.com><br>
<b>Sent:</b> Tuesday, August 4, 2020 3:28 PM<br>
<b>To:</b> bind-users@lists.isc.org <bind-users@lists.isc.org><br>
<b>Subject:</b> [EXTERNAL] Re: CNAME restrictions</font>
<div> </div>
</div>
<div>
<p></p>
<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">
<span style="color:#9C6500">CAUTION:</span> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<p></p>
<div>
<div dir="ltr">
<div>[ Classification Level: <font color="blue">GENERAL BUSINESS</font> ]</div>
<br class="x_cursAfter">
Offhand, it looks like the server side is configured to only allow authenticated updates, but you're sending an unauthenticated one.
<div><br>
</div>
<div>A more nuanced issue might be if the ID you're running the nsupdate as, can't read the key files, so even though you may have intended the update to be signed, it actually wasn't.</div>
<div><br>
</div>
<div>Did you try adding a -d to the nsupdate command? If so, does the debug output give any clues?</div>
<div><br>
</div>
<div> - Kevin</div>
<div><br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Tue, Aug 4, 2020 at 1:30 PM Leroy Tennison <<a href="mailto:leroy@datavoiceint.com">leroy@datavoiceint.com</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0); font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">I have a situation where, due to the system's location (IP subnet), its DNS name is <webserver>.<internal subdomain>.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,0gSBGzOV_9iJ4F-vOfqNwsk4Kjf6AQvm_Nt3gjCZAng77d3CYgiVYS_-yNeGK3M-LLCuD8B-erwPcTNMkAxJaTdxayw90W-cIVfFe6TBpYonsjiZafcGPSBGsgSS&typo=1" target="_blank">datavoiceint.com</a>.
We have a certificate for *.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,e3FlEDT18o4d4tQSRMvBH_pJRuK7156_n6wtGIzdpwjQt88Y_j375seki-O4IjtqsVLmsYGablGT9qnLV7jap1khSDSeV8Qt3U6JQ73WAhGbMMeoi10k&typo=1" target="_blank">datavoiceint.com</a>
which </span><span style="color:rgb(0,0,0); font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">we prefer to use instead of having to acquire a certificate for <internal subdomain>.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,6-PPelQOIFl5wSdbP2RNe2N6pkrhqneq6Ezfx3p5-pXYgNrt6J521WJEJJKFmvxtsjfuSzRbWHJnSbpTUyu6XqeAeCg6OO0-KzDJiXfe1ccW7qg9pN7g2CgI&typo=1" target="_blank">datavoiceint.com</a>
since this is a one-off internal-only web server. Our (ISC) DNS servers (version 9.10.3-P4-Ubuntu that comes with Ubuntu 16.04) serve both domains. I thought a solution would be to use a CNAME but, when I attempt this (via nsupdate with the update key which
works for A and PTR adds and deletes) I get (on "send"):</span><br>
</div>
<div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"> TSIG error with server: expected a TSIG or SIG(0)</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">update failed: NOTIMP<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">What I tried (on both <internal subdomain>.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,WqKTpCcatx2SaWvqy4SyBLF0mNa1-gW8LKH80Ec2eWBinE3E7c5lEHLpjRuSiRnF_xc32FO_Ke1HOfMD3_RKS1c_-Gb4quMBWrNQrHh74wi-HJkg&typo=1" target="_blank">datavoiceint.com</a>.
and <a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,gDRbc9b7Hocp2adLEqMg2H4aBk9B80nSlj9DRUkwds45t2gqX4OYSPpS7T0rTc7SpPNhIUwv5Qxh01PYiNrEy5_9cB7--c16EqfcCxXOM4w,&typo=1" target="_blank">datavoiceint.com</a>.) was:</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">update add <<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">webserver></span>.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,LMSRr0xOj2dbcOJlyj5U8VIFyRH5ecttdkU4Je538OMUPmbLfqBLc5uT1bH4P4-AQWj7eME7APcmrfzjgPYOORSQ1gGlo41FqXQQU67iTV6fGo1tYi-G3-c,&typo=1" target="_blank">datavoiceint.com</a>.
86400 IN CNAME <span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><webserver>.<internal subdomain></span>.<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdatavoiceint.com&c=E,1,K69ghu-8VkYZl4XrnMCfdzlp4UUfK2BGmh9Q9xWS3VzeXkVGOtpJequZa-J_gQCYM2J904MVlyeH5VboQjCatM-y6QbI5FtcIV32w9Cx&typo=1" target="_blank">datavoiceint.com</a>.<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">Apparently I'm mis-understanding CNAME usage, if I actually can use a CNAME record what should the format be (or do I need to configure
bind differently to use it since part of the reply is NOTIMP)? If that's not possible due to CNAME restrictions are there any alternatives?</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Arial,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">Thanks for your help.</span></div>
</div>
</div>
<p id="x_m_-6032679741644376038c1-id-7" style="font-size:0px; font-family:Arial; color:#fff">
Harriscomputer</p>
<table id="x_m_-6032679741644376038c1-id-8" style="border-left-width:0px; border-right-width:0px; border-bottom-width:0px; padding-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; padding-right:0px; border-top-width:0px">
<colgroup id="x_m_-6032679741644376038c1-id-9"><col id="x_m_-6032679741644376038c1-id-10"></col></colgroup>
<tbody id="x_m_-6032679741644376038c1-id-11">
<tr id="x_m_-6032679741644376038c1-id-12">
<td id="x_m_-6032679741644376038c1-id-13">
<table id="x_m_-6032679741644376038c1-id-14" cellspacing="0" cellpadding="0" border="0" style="height:0px; width:100%">
<colgroup id="x_m_-6032679741644376038c1-id-15"><col id="x_m_-6032679741644376038c1-id-16"><col id="x_m_-6032679741644376038c1-id-17"><col id="x_m_-6032679741644376038c1-id-18"></col></col></col></colgroup>
<tbody id="x_m_-6032679741644376038c1-id-19">
<tr id="x_m_-6032679741644376038c1-id-27">
<td id="x_m_-6032679741644376038c1-id-28" style="width:33%">
<p align="left" style="font-size:10pt; font-family:Arial"><b id="x_m_-6032679741644376038c1-id-30"><font id="x_m_-6032679741644376038c1-id-31" face="Arial">Leroy Tennison<br id="x_m_-6032679741644376038c1-id-32">
</font></b><font id="x_m_-6032679741644376038c1-id-33" size="2" face="Arial">Network Information/Cyber Security Specialist<br id="x_m_-6032679741644376038c1-id-38">
<span id="x_m_-6032679741644376038c1-id-39" style="font-size:8pt">E: <a href="mailto:leroy@datavoiceint.com" target="_blank">
leroy@datavoiceint.com</a><br>
P:</span></font></p>
</td>
<td id="x_m_-6032679741644376038c1-id-40" style="width:33%">
<p align="center" style="font-size:10pt; font-family:Arial; text-align:center"><br id="x_m_-6032679741644376038c1-id-43">
<img border="0" data-outlook-trace="F:0|T:1" src="cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG"></p>
</td>
<td id="x_m_-6032679741644376038c1-id-45" style="width:33%">
<p id="x_m_-6032679741644376038c1-id-46" align="right" style="font-size:10pt; font-family:Arial; text-align:right">
<font id="x_m_-6032679741644376038c1-id-47" face="Arial" style="font-size:8pt">2220 Bush Dr<br id="x_m_-6032679741644376038c1-id-48">
McKinney, Texas<br id="x_m_-6032679741644376038c1-id-49">
75070<br>
<font id="x_m_-6032679741644376038c1-id-51" face="Arial" style="font-size:8pt"><a href="http://www..com" target="_blank">www.datavoiceint.com</a></font></font><font id="x_m_-6032679741644376038c1-id-56" size="3"> </font></p>
</td>
</tr>
</tbody>
</table>
<table id="x_m_-6032679741644376038c1-id-57" cellspacing="2" border="0" style="width:100%">
<colgroup id="x_m_-6032679741644376038c1-id-58"><col id="x_m_-6032679741644376038c1-id-59"><col id="x_m_-6032679741644376038c1-id-60"><col id="x_m_-6032679741644376038c1-id-61"></col></col></col></colgroup>
<tbody id="x_m_-6032679741644376038c1-id-62">
<tr id="x_m_-6032679741644376038c1-id-63">
<td id="x_m_-6032679741644376038c1-id-64" colspan="3">
<p id="x_m_-6032679741644376038c1-id-65" style="margin-bottom:0px; font-size:10pt; font-family:Arial; margin-top:0px">
<font id="x_m_-6032679741644376038c1-id-66" size="1" face="Arial">This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc.</font></p>
<p style="margin-bottom:0px; font-size:10pt; font-family:Arial; margin-top:0px"><font size="1" face="Arial">If you prefer not to be contacted by Harris Operating Group
<a href="https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f&c=E,1,tDHN8eusdo1dmAH7sVm4QCbMt63IMR6Im_-2r3epFrKvWDlRIiNUdnjRrqlc7YbDFZi26vf4PH2bi8fXxWwxgooQFPSr0rZ89dfsdV3EvGhNQhzOxc6dkeUO&typo=1" target="_blank">
please notify us</a>. </font></p>
<p style="margin-bottom:0px; font-size:10pt; font-family:Arial; margin-top:0px"> </p>
<p style="margin-bottom:0px; font-size:10pt; font-family:Arial; margin-top:0px"><font size="1" face="Arial"></font></p>
<p style="margin-bottom:0px; font-size:10pt; font-family:Arial; margin-top:0px"><font size="1" face="Arial">This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary,
privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please
notify the sender immediately by e-mail and delete all copies of the message.</font></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p id="x_m_-6032679741644376038c1-id-74" style="font-size:10pt; font-family:Arial">
</p>
</div>
_______________________________________________<br>
Please visit <a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,CDMflPVUr90kiYfSOvXo00T7TBy9AFUx6FdLRdQBJa-nfuss1-6v2StCLMjo5N7XEWIzaAMYqdLxCJm19LkU41PJ7S70tpWHEbsHm_wRreEtphpp0w,,&typo=1" rel="noreferrer" target="_blank">
https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.isc.org%2fcontact%2f&c=E,1,zAjBUTG3aODlmEnA9xOCfIc-FLN7uOu1DJKXw8Di5qzNFwVHyjgzPL-Fz4AGawuWpUobdCCcvjoC2yzfGz6u5wChvrFo_HlzGCt2MGZRPraxh9UnfgFFPElXjA,,&typo=1" rel="noreferrer" target="_blank">
https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,S19JJd3-XjKGpp0iiFqcNeZ9ZhMDJTJXXYfdHBbUbJTkidDuGUItxy4j8ymlHdHl1DtSX9Y5wSZGiz_-fngKSPWyp8oCKUEsRXNwiJ2pcgcpoug,&typo=1" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<P id=c1-id-7
style="FONT-SIZE: 0px; FONT-FAMILY: Arial; COLOR: #fff">Harriscomputer</P>
<TABLE id=c1-id-8
style="BORDER-LEFT-WIDTH: 0px; BORDER-RIGHT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px">
<COLGROUP id=c1-id-9>
<COL id=c1-id-10></COL></COLGROUP>
<TBODY id=c1-id-11>
<TR id=c1-id-12>
<TD id=c1-id-13>
<TABLE id=c1-id-14 style="HEIGHT: 0px; WIDTH: 100%" cellSpacing=0
cellPadding=0 border=0>
<COLGROUP id=c1-id-15>
<COL id=c1-id-16>
<COL id=c1-id-17>
<COL id=c1-id-18></COL></COL></COL></COLGROUP>
<TBODY id=c1-id-19>
<TR id=c1-id-27>
<TD id=c1-id-28 style="WIDTH: 33%">
<P style="FONT-SIZE: 10pt; FONT-FAMILY: Arial" align=left><B
id=c1-id-30><FONT id=c1-id-31 face=Arial>Leroy Tennison<BR
id=c1-id-32></FONT></B><FONT id=c1-id-33 size=2
face=Arial>Network Information/Cyber Security Specialist<BR id=c1-id-38><SPAN id=c1-id-39
style="FONT-SIZE: 8pt">E: leroy@datavoiceint.com<BR>P:</SPAN></FONT></P></TD>
<TD id=c1-id-40 style="WIDTH: 33%">
<P style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; TEXT-ALIGN: center"
align=center><BR id=c1-id-43><IMG border=0
src="cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG"></P></TD>
<TD id=c1-id-45 style="WIDTH: 33%">
<P id=c1-id-46
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; TEXT-ALIGN: right"
align=right><FONT id=c1-id-47 style="FONT-SIZE: 8pt"
face=Arial>2220 Bush Dr<BR id=c1-id-48>McKinney, Texas<BR
id=c1-id-49>75070<BR><FONT id=c1-id-51
style="FONT-SIZE: 8pt" face=Arial><A
href="http://www..com">www.datavoiceint.com</A></FONT></FONT><FONT
id=c1-id-56 size=3> </FONT></P></TD></TR></TBODY></TABLE>
<TABLE id=c1-id-57 style="WIDTH: 100%" cellSpacing=2 border=0>
<COLGROUP id=c1-id-58>
<COL id=c1-id-59>
<COL id=c1-id-60>
<COL id=c1-id-61></COL></COL></COL></COLGROUP>
<TBODY id=c1-id-62>
<TR id=c1-id-63>
<TD id=c1-id-64 colSpan=3>
<P id=c1-id-65
style="MARGIN-BOTTOM: 0px; FONT-SIZE: 10pt; FONT-FAMILY: Arial; MARGIN-TOP: 0px"><FONT
id=c1-id-66 size=1 face=Arial>This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc.</FONT></P>
<P
style="MARGIN-BOTTOM: 0px; FONT-SIZE: 10pt; FONT-FAMILY: Arial; MARGIN-TOP: 0px"><FONT
size=1 face=Arial>If you prefer not to be contacted by Harris
Operating Group <A
href="http://subscribe.harriscomputer.com/">please notify us</A>.
</FONT></P>
<P
style="MARGIN-BOTTOM: 0px; FONT-SIZE: 10pt; FONT-FAMILY: Arial; MARGIN-TOP: 0px"> </P>
<P
style="MARGIN-BOTTOM: 0px; FONT-SIZE: 10pt; FONT-FAMILY: Arial; MARGIN-TOP: 0px"><FONT
size=1 face=Arial></FONT></P>
<P
style="MARGIN-BOTTOM: 0px; FONT-SIZE: 10pt; FONT-FAMILY: Arial; MARGIN-TOP: 0px"><FONT
size=1 face=Arial>This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.</FONT></P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P id=c1-id-74
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> </P></body>
</html>