need help with dynamic DNS updates, better mysteries

Glenn Satchell Glenn.Satchell at uniq.com.au
Sun Mar 12 12:36:40 UTC 2006


Simon Hobson wrote:
>
>Ross Boylan wrote:
>
>>Mar 10 20:17:32 wheat named[7080]: client 127.0.0.1#33008: view 
>>inside: update 'betterworld.us/IN' denied
>>Mar 10 20:17:32 wheat dhcpd: Unable to add forward map from 
>>corn.betterworld.us to 192.168.40.25: timed out
>
>OK, this tells us a lot. The second line is logged by dhcpd and says 
>that it attempted an update, but it timed out. Not overly helpful as 
>it tells us it failed (useful in itself) but not why ...

If named gets an update request that is not permitted, it ignores it
and does not reply, hence the requesting process times out.

>... but the first line, from named, does tell us why - the update was 
>denied. That means either the zone doesn't have the right "allow 
>update ..." statement OR the statement is there but the key doesn't 
>match (not actually sure if mismatched keys cause a more specific 
>message or not).
>
-->8--snip-->8--
>
>You now need to figure out why the dns server is denying the update requests.
>
>Simon

Perhaps this was a copy/paste typo in an earlier email? But
there is no allow-update in the betterworld.us zone, the one in
the 192.in-addr.arpa looks correct though ...

> 	zone "192.in-addr.arpa" {
> 		type master;
> 		file "/etc/bind/db.192";
> 		allow-query { internals; };
> 		allow-transfer { internals; };
> 		allow-update { key DHCP_UPDATER;};
> 	};
> 
> 	zone "betterworld.us" {
> 		notify no;
> 		type master;
> 		file "/etc/bind/inside-betterworld.us";
> 	};

If this brings no joy, then you can temporarily test without using keys:

		allow-update { localhost; key DHCP_UPDATER; };

'localhost' is a special ACL that evaluates to true for any locally
configured interface address on the name server. If this works
then the problem is with the keys. Check that algorithm,
quoting, etc, are all correct. There are examples in the
dhcpd.conf man page under the section DYNAMIC DNS UPDATE SECURITY
for both named.conf and dhcpd.conf.

regards,
-glenn
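
An added example, not part of the original post and not code from BIND or ISC DHCP: a small Python audit of the condition identified above. It reports, per view and zone, whether allow-update is missing, key-only, or also admits non-key entries such as the temporary localhost test. The config text is a constructed sample and the "outside" view is hypothetical.

```python
import re

# Constructed sample: the zones quoted in the thread under the "inside" view
# from the log line, plus a hypothetical "outside" view with the test ACL.
SAMPLE_CONF = '''
view "inside" {
    zone "192.in-addr.arpa" {
        file "/etc/bind/db.192";
        allow-update { key DHCP_UPDATER; };
    };
    zone "betterworld.us" {
        type master;
        file "/etc/bind/inside-betterworld.us";
    };
};
view "outside" {   // hypothetical view, not from the thread
    zone "betterworld.us" { allow-update { localhost; key DHCP_UPDATER; }; };
};
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError('unbalanced braces')

def audit_zones(conf):
    """Return {(view, zone): status}; view is None for zones outside any view."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # naive: ignores quotes
    views = [(m.group(1), m.end(), m.end() + len(block_body(conf, m.end() - 1)))
             for m in re.finditer(r'\bview\s+"([^"]+)"[^{;]*\{', conf)]
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        view = next((v for v, lo, hi in views if lo <= m.start() < hi), None)
        body = block_body(conf, m.end() - 1)
        acl = re.search(r'\ballow-update\s*\{', body)
        if acl is None:
            status = 'no allow-update'  # the state of betterworld.us in the thread
        else:
            entries = [e.strip() for e in block_body(body, acl.end() - 1).split(';')]
            keyed = [e.startswith('key ') for e in entries if e]
            status = 'key only' if keyed and all(keyed) else 'not key-only'
        report[(view, m.group(1))] = status
    return report

print(*audit_zones(SAMPLE_CONF).items(), sep='\n')
```

A 'not key-only' result after troubleshooting means the temporary localhost entry is still in place.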


