
Re: BIND9 Dynamic Update Zones



Roman Gelfand wrote:
> When I try to run "nsupdate -d -L 9 nsu.tmp", where nsu.tmp is
> 
>         update add cmm3.workdom.com 3600 A 192.168.10.8
>         show
>         send
> 
> Dynamic zone file
> 
> include "/etc/bind/zones.rfc1918";
> 
> zone "workdom.com"  IN  {
>      type master;
>      file "dyn.workdom.com.zone";
>      allow-transfer { any; };
>      allow-query { any; };
>      allow-update { 127.0.0.1; };
> };
> 
> The send command response is REFUSED.  I am not sure why.

The zone definition allows updates only from 127.0.0.1. However:

> Sending update to 192.168.3.42#53

Even if nsupdate runs on the server itself, DNS query packets sent to
192.168.3.42 have the same source address 192.168.3.42 by default, not
127.0.0.1. No need to mention that if nsupdate is running on a different
host, the source address cannot be 127.0.0.1.

If nslookup runs on a different host, add its address to the
"allow-update" option in the zone definition.

If nslookup runs on the server itself, you have several options:
- add 192.168.3.42 to the "allow-update" option in the zone definition
- add -l (localhost only mode) to the nsupdate command line
- add "server 127.0.0.1" into nsu.tmp to force the server address
- add "local 127.0.0.1" into nsu.tmp to force the source address

Cf. the manpage for more details.
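
Added example, not part of the original message: a small Python check that reproduces the diagnosis above from the quoted zone stanza (abridged) and the quoted debug line. It assumes nsupdate runs on the server itself, so the source address is the forced "local" address if there is one and otherwise the address the update is sent to; the function names are illustrative, and only literal addresses, prefixes, "any" and "none" are evaluated.

```python
import ipaddress
import re

# Constructed inputs: abridged zone stanza and debug line quoted in the thread.
ZONE_STANZA = '''zone "workdom.com" IN {
     type master;
     allow-update { 127.0.0.1; };
};'''
NSUPDATE_DEBUG = "Sending update to 192.168.3.42#53"


def allow_update_list(stanza):
    """Return the elements of the allow-update address match list."""
    m = re.search(r"allow-update\s*\{([^}]*)\}", stanza)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []


def update_target(debug_output):
    """Return the server address nsupdate reported sending the update to."""
    m = re.search(r"Sending update to ([0-9a-fA-F.:]+)#\d+", debug_output)
    return m.group(1) if m else None


def acl_allows(source, acl):
    """First matching element decides; a leading '!' negates; no match denies.
    Named ACLs and keys are out of scope for this sketch."""
    src = ipaddress.ip_address(source)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec in ("any", "none"):
            hit, negated = True, negated ^ (spec == "none")
        else:
            hit = src in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False


def diagnose(stanza, debug_output, server=None, local=None):
    """server/local model the 'server' and 'local' lines suggested for nsu.tmp.
    Assumption: nsupdate runs on the server, so source = local or target."""
    target = server or update_target(debug_output)
    source = local or target
    allowed = acl_allows(source, allow_update_list(stanza))
    return source, "accepted" if allowed else "REFUSED"


if __name__ == "__main__":
    for kwargs in ({}, {"server": "127.0.0.1"}, {"local": "127.0.0.1"}):
        print(kwargs, diagnose(ZONE_STANZA, NSUPDATE_DEBUG, **kwargs))
```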

