[PLUG] bind9 not allowing WinXp clients to update DDNS

Mike Leone on 21 Feb 2005 00:50:48 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] bind9 not allowing WinXp clients to update DDNS

From: Mike Leone <turgon@mike-leone.com>

To: plug@lists.phillylinux.org

Subject: [PLUG] bind9 not allowing WinXp clients to update DDNS

Date: Sun, 20 Feb 2005 19:50:13 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

I run a bind9 DNS at home, on Debian testing. I was following this page http://www.mattfoster.clara.co.uk/ddns.htm hoping to allow my WinXP laptop to update it's DHCP address in my DNS. However, I am getting the following message in syslog: Feb 20 19:32:03 mail named[5289]: client 192.168.100.73#2649: updating zone 'mike-leone.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET) Feb 20 19:32:03 mail named[5289]: client 192.168.100.73#2652: update 'mike-leone.com/IN' denied and I can't tell why. Attached are dhcp and bind config files. Clues, anyone?
# dhcpd.conf ddns-updates on; # # Sample configuration file for ISC dhcpd # key mykey { algorithm hmac-md5; secret "my-secret-hash-here"; }; option domain-name "mike-leone.com"; option subnet-mask 255.255.255.0; default-lease-time 600; max-lease-time 7200; # this section describes what key to use in what zone zone mike-leone.com. { primary 192.168.100.20; key mykey; } zone 100.168.192.in-addr.arpa. { primary 192.168.100.20; key mykey; } subnet 192.168.100.0 netmask 255.255.255.0 { range 192.168.100.50 192.168.100.90; option broadcast-address 192.168.100.255; option routers 192.168.100.254; option domain-name-servers 192.168.100.20, 204.183.80.2, 207.245.82.2; authoritative; ddns-update-style interim; } authoritative;
// This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; key mykey { algorithm hmac-md5; secret "my-secret-hash-here; }; // Next the access control section, we allow the 192.168.100.0-255 // subnet, and localhost. acl "home" { 192.168.100.0/24; 127.0.0.1;}; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.100.20; } keys { "mykey"; }; }; // prime the server with knowledge of the root servers zone "." { type hint; file "/etc/bind/db.root"; }; // be authoritative for the localhost forward and reverse zones, and for // broadcast zones as per RFC 1912 zone "localhost" { type master; file "/etc/bind/db.local"; }; zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; }; zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; }; zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; }; zone "mike-leone.com" { type master; file "/etc/bind/mike-leone.com.hosts"; allow-update {key mykey; }; }; zone "100.168.192.in-addr.arpa" { type master; file "/etc/bind/192.168.100.ptrs"; allow-update {key mykey; }; }; // zone "com" { type delegation-only; }; // zone "net" { type delegation-only; }; // From the release notes: // Because many of our users are uncomfortable receiving undelegated answers // from root or top level domains, other than a few for whom that behaviour // has been trusted and expected for quite some length of time, we have now // introduced the "root-delegations-only" feature which applies delegation-only // logic to all top level domains, and to the root domain. An exception list // should be specified, including "MUSEUM" and "DE", and any other top level // domains from whom undelegated responses are expected and trusted. // root-delegation-only exclude { "DE"; "MUSEUM"; }; include "/etc/bind/named.conf.local";
options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you might need to uncomment the query-source // directive below. Previous versions of BIND always asked // questions using port 53, but BIND 8.1 and later use an unprivileged // port by default. // query-source address * port 53; // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 204.183.80.2; 207.245.82.2; }; auth-nxdomain no; # conform to RFC1035 allow-query { "home"; }; };
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] bind9 not allowing WinXp clients to update DDNS
From: Stephen Gran <steve@lobefin.net>

Prev by Date: Re: [PLUG] SuSE make

Next by Date: Re: [PLUG] bind9 not allowing WinXp clients to update DDNS

Previous by thread: [PLUG] [marsee@oreilly.com: Newsletter from O'Reilly UG Program, February 18]

Next by thread: Re: [PLUG] bind9 not allowing WinXp clients to update DDNS

Index(es):

Date

Thread