need help with dynamic DNS updates, better mysteries

Glenn Satchell Glenn.Satchell at
Sun Mar 12 12:36:40 UTC 2006

Simon Hobson wrote:
>Ross Boylan wrote:
>>Mar 10 20:17:32 wheat named[7080]: client view 
>>inside: update '' denied
>>Mar 10 20:17:32 wheat dhcpd: Unable to add forward map from 
>> to timed out
>OK, this tells us a lot. The second line is logged by dhcpd and says 
>that it attempted an update, but it timed out. Not overly helpful as 
>it tells us it failed (useful in itself) but not why ...

If named gets an update request that is not permitted, it ignores it
and does not reply, hence the requesting process times out.

>... but the first line, from named, does tell us why - the update was 
>denied. That means either the zone doesn't have the right "allow 
>update ..." statement OR the statement is there but the key doesn't 
>match (not actually sure if mismatched keys causes a more specific 
>message or not).
>You now need to figure out why the dns server is denying the update requests.

Perhaps this was a copy/paste typo in an earlier email? But
there is no allow-update in the zone, the one in
the looks correct though ...

> 	zone "" {
> 		type master;
> 		file "/etc/bind/db.192";
> 		allow-query { internals; };
> 		allow-transfer { internals; };
> 		allow-update { key DHCP_UPDATER;};
> 	};
> 	zone "" {
> 		notify no;
> 		type master;
> 		file "/etc/bind/";
> 	};

If this brings no joy, then you can temporarily test without using keys:

		allow-update { localhost; key DHCP_UPDATER; };

'localhost' is a special ACL that evaluates to true for any locally
configured interface address on the name server. If this works
then the problem is with the keys. Check that algorithm,
quoting, etc, are all correct. There are examples in the
dhcpd.conf man page under the section DYNAMIC DNS UPDATE SECURITY
for both named.conf and dhcpd.conf.
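
An added example, not part of the original post: a small audit that reads named.conf text and reports, per master zone, whether dynamic updates are denied (no allow-update, the condition behind the "update denied" log line above), restricted to keys, or opened by address, as with the temporary 'localhost' test. The zone names and sample configuration are constructed placeholders, and the parser assumes allow-update lists without nested braces and does not look at update-policy.

```python
import re

# Constructed sample; zone names are placeholders, not the poster's zones.
SAMPLE_CONF = '''
zone "example.test" {
    type master;
    file "/etc/bind/db.example";   // forward zone, no allow-update
};
zone "2.0.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-update { key DHCP_UPDATER; };
};
zone "lab.test" {
    type master;
    allow-update { localhost; key DHCP_UPDATER; };
};
'''

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, matching nested braces."""
    # Assumption: comment markers never appear inside quoted strings.
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_zones(conf):
    """Classify each master zone by what its allow-update list admits."""
    findings = {}
    for name, body in zone_blocks(conf):
        if not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue
        m = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        items = [e.strip() for e in m.group(1).split(';') if e.strip()] if m else []
        weak = [e for e in items if not e.startswith('key ') and e != 'none']
        if weak:    # address or ACL entries admit updates without a TSIG key
            findings[name] = "address-based: " + ", ".join(weak)
        elif any(e.startswith('key ') for e in items):
            findings[name] = "key-only"
        else:       # absent or 'none': named refuses dynamic updates
            findings[name] = "denied"
    return findings

if __name__ == "__main__":
    for zone, finding in audit_zones(SAMPLE_CONF).items():
        print(f"{zone}: {finding}")
```

A zone reported as "address-based" after troubleshooting is finished means the temporary test entry was left in place.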

