Mike Leone on 21 Feb 2005 22:38:40 -0000



Re: [PLUG] bind9 not allowing WinXp clients to update DDNS


Stephen Gran wrote:
> On Mon, Feb 21, 2005 at 04:00:03PM -0500, Mike Leone said:
>> Stephen Gran wrote:
>> > Ah right, you are correct, sorry about that.  Yes, so the directory it
>> > writes the journal to has to be writable by user bind.  Perhaps the
>> > $HOME setting is conflicting with the directory directive?  What does
>> > `getent passwd bind` say?
>> 
>> root@mail:/etc/bind# getent passwd bind
>> bind:x:107:108::/var/cache/bind:/bin/false
> 
> So it should not be trying to write to /etc/bind, then - very odd.
> Aaha, it could be that it writes them to the directory where the zone
> file is!  Do you keep your zone files in /etc/bind?

Good catch. Yes, I do. Because the other zone files listed in named.conf
were in /etc/bind (db.local, etc). So I should move them to /var/cache/bind?


>> All I want is to be able to type "nslookup the-dhcp-address", and come
>> back with a hostname. :-)
>> (and vice-versa)
> 
> I do it for my parents' LAN with the arrangement below:
> 
> named.conf.local:
> 
> -------------------------------------------
> 
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "very-secret";

Is this the rndc.key that is created by the install of bind9, or one you
created yourself?

> };
> 
> acl "home" { 192.168.0.0/24; 127.0.0.1;};
> 
> controls {
>       inet 127.0.0.1 port 953
>       allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> 
> zone "forward.net" {
>       type master;
>       file "forward.net.db";
>       allow-update { key "rndc-key"; };
> };
> 
> zone "0.168.192.in-addr.arpa" {
>       type master;
>       file "168.192.db";
>       allow-update { key "rndc-key"; };
> };
> 
> -------------------------------------------
> 
> named.conf.options:
> 
> -------------------------------------------
> 
>         directory "/var/cache/bind";
>         listen-on  { 192.168.0.1; 127.0.0.1; };
> 
> -------------------------------------------
> 
> dhcpd.conf:
> 
> -------------------------------------------
> 
> ddns-update-style interim;
> 
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "very-secret";
> };
> 
> zone forward.net {
>     primary 127.0.0.1;
>     key "rndc-key";
> }
> 
> zone 0.168.192.in-addr.arpa {
>     primary 127.0.0.1;
>     key "rndc-key";
> }
> 
> -------------------------------------------
> 
> And of course, very secret has to correlate with what is actually in
> the file rndc-key.
> 
> Sorry I can't help more,

No, this looks good. I will give it a try later.
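
The two conditions this thread turns on, as an added example that is not part of the original messages: the journal for a dynamic zone is written beside its zone file, so that directory must be writable by the bind user, and the key secret in dhcpd.conf must match the one in named.conf. The config text below is constructed from the thread's layout (one zone deliberately left in /etc/bind, one deliberate typo in the dhcpd secret); the function names and the `can_write` predicate are assumptions of this example.

```python
import posixpath
import re

# Constructed input modelled on the thread's files; secrets are placeholders.
NAMED_CONF = '''
options { directory "/var/cache/bind"; };
key "rndc-key" { algorithm hmac-md5; secret "very-secret"; };
zone "forward.net" {
      file "forward.net.db";
      allow-update { key "rndc-key"; };
};
zone "0.168.192.in-addr.arpa" {
      file "/etc/bind/168.192.db";
      allow-update { key "rndc-key"; };
};
'''
DHCPD_CONF = 'key "rndc-key" { algorithm hmac-md5; secret "very-secert"; };'

# Simplified patterns: assume the thread's formatting (zone closes with "};" at line start).
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]+)"', re.S)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)

def key_secrets(conf):
    """Return {key name: secret} for every key block in a config string."""
    return dict(KEY_RE.findall(conf))

def mismatched_keys(named_conf, dhcpd_conf):
    """Key names defined in both files whose secrets differ."""
    a, b = key_secrets(named_conf), key_secrets(dhcpd_conf)
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])

def journal_dirs(named_conf):
    """Map each allow-update zone to the directory where its .jnl will be written."""
    m = re.search(r'directory\s+"([^"]+)"', named_conf)
    base = m.group(1) if m else "/"
    dirs = {}
    for name, body in ZONE_RE.findall(named_conf):
        f = re.search(r'file\s+"([^"]+)"', body)
        if f and "allow-update" in body:
            dirs[name] = posixpath.dirname(posixpath.join(base, f.group(1)))
    return dirs

def unwritable_zones(named_conf, can_write):
    """Zones whose journal directory fails the can_write(dir) predicate."""
    return sorted(z for z, d in journal_dirs(named_conf).items() if not can_write(d))

if __name__ == "__main__":
    print(mismatched_keys(NAMED_CONF, DHCPD_CONF),
          unwritable_zones(NAMED_CONF, lambda d: d == "/var/cache/bind"))
```

On a real host, run it as the bind user with the actual file contents and pass `lambda d: os.access(d, os.W_OK)` as `can_write`.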


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug