Stephen Gran on 21 Feb 2005 16:25:27 -0000



Re: [PLUG] bind9 not allowing WinXp clients to update DDNS


On Sun, Feb 20, 2005 at 07:50:13PM -0500, Mike Leone said:
> I run a bind9 DNS at home, on Debian testing. I was following this page
> 
> http://www.mattfoster.clara.co.uk/ddns.htm
> 
> hoping to allow my WinXP laptop to update its DHCP address in my DNS.
> However, I am getting the following message in syslog:
> 
> Feb 20 19:32:03 mail named[5289]: client 192.168.100.73#2649: updating
> zone 'mike-leone.com/IN': update failed: 'RRset exists (value
> dependent)' prerequisite not satisfied (NXRRSET)
> Feb 20 19:32:03 mail named[5289]: client 192.168.100.73#2652: update
> 'mike-leone.com/IN' denied
> 
> and I can't tell why. Attached are dhcp and bind config files.
> 
> Clues, anyone?
> 
> 

Also try 

ddns-update-style interim;

in dhcpd.conf

But your major problem is that the updates are coming from a machine that
doesn't have access to the secret shared key (I think I read that right)
- they need to come from dhcpd, not from the windows client itself.
To do this, do:

----------------------------------------------------

// named.conf
key "secret-key" {
      algorithm hmac-md5;
      secret "oh-so-secret";
};

controls {
      inet 127.0.0.1 port 953
      allow { 127.0.0.1; } keys { "secret-key"; };
};

----------------------------------------------------

# dhcpd.conf
ddns-update-style interim;

key "secret-key" {
      algorithm hmac-md5;
      secret "oh-so-secret";
};

zone ... {
    primary 127.0.0.1;
    key "secret-key";
}

----------------------------------------------------

Alternately, if dhcpd and bind are on separate machines, then you need to
adjust the inet line above - right now you are saying accept only on lo,
and allow updates from lo and the LAN.  Since the LAN will never make
it to lo, this won't work.  You can instead use an inet * line - rndc
defaults to port 953, so it is unnecessary.  The new stanza is then:

controls {
      inet * 
      allow { 127.0.0.1; 192.168.100.0; } keys { "secret-key"; };
};


HTH,
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | The human race is a race of cowards;    |
|  steve@lobefin.net             | and I am not only marching in that      |
|  http://www.lobefin.net/~steve | procession but carrying a banner.   --  |
|  			         | Mark Twain                              |
 --------------------------------------------------------------------------


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
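
Added example, not part of Stephen Gran's message: a Python check that the key stanza dhcpd signs its updates with is identical to the one in named.conf, and that the secret is valid base64 (which the "oh-so-secret" placeholder in the message is not). The zone name example.test. and the secret value are constructed placeholders, and the regexes assume the simple stanza layout used in the message.

```python
import base64
import binascii
import re

# key "name" { algorithm X; secret "Y"; }  -- same stanza shape in both files
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}')
# key "name"; referenced from inside a dhcpd.conf zone stanza
ZONE_KEY_RE = re.compile(r'\bzone\s+\S+\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?\s*;')

def parse_keys(conf):
    """Map key name -> (algorithm, secret) for every key stanza in conf."""
    return {m[1]: (m[2].lower(), m[3]) for m in KEY_RE.finditer(conf)}

def is_base64(secret):
    """TSIG secrets are base64 text; reject empty or malformed values."""
    try:
        return bool(base64.b64decode(secret, validate=True))
    except (binascii.Error, ValueError):
        return False

def check_shared_key(named_conf, dhcpd_conf):
    """Return the reasons dhcpd's signed updates would fail to verify in named."""
    named, dhcpd = parse_keys(named_conf), parse_keys(dhcpd_conf)
    problems = []
    for name in ZONE_KEY_RE.findall(dhcpd_conf):
        if name not in dhcpd:
            problems.append(f"{name}: used by a zone but not defined in dhcpd.conf")
        elif name not in named:
            problems.append(f"{name}: not defined in named.conf")
        elif dhcpd[name] != named[name]:
            problems.append(f"{name}: algorithm or secret differs between files")
        elif not is_base64(dhcpd[name][1]):
            problems.append(f"{name}: secret is not valid base64")
    return problems

# Constructed sample configs (zone name and secret are placeholders).
SECRET = "c2FtcGxlLWtleS1ub3QtcmVhbA=="
NAMED = f'key "secret-key" {{ algorithm hmac-md5; secret "{SECRET}"; }};'
DHCPD = (f'key "secret-key" {{ algorithm hmac-md5; secret "{SECRET}"; }};\n'
         'zone example.test. { primary 127.0.0.1; key "secret-key"; }')

if __name__ == "__main__":
    print(check_shared_key(NAMED, DHCPD))                          # matching keys
    print(check_shared_key(NAMED.replace("LWtl", "XXXX"), DHCPD))  # drifted secret
    print(check_shared_key(NAMED.replace(SECRET, "oh-so-secret"),
                           DHCPD.replace(SECRET, "oh-so-secret")))
```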