Date: Sun, 3 Mar 2002 23:08:47 +0100 (CET) From: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/35521: nsupdate fails if destination dns is not in your resolv.conf Message-ID: <m16he9v-003pROC@lyxys.ka.sub.org>
next in thread | raw e-mail | index | archive | help
>Number: 35521 >Category: bin >Synopsis: nsupdate fails if destination dns is not in your resolv.conf >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 03 14:30:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Wolfgang Zenker >Release: FreeBSD 4.5-STABLE i386 >Organization: >Environment: System: FreeBSD gate.lyx 4.5-STABLE FreeBSD 4.5-STABLE #1: Sun Mar 3 17:28:22 CET 2002 wolfgang@gate.lyx:/usr/obj/usr/local/src/sys/GATE i386 >Description: Trying to use nsupdate to dynamically update a dns entry fails. It works using an nsupdate from early November (based on BIND 8.2.4) instead of the 8.3.1-based nsupdate that is now in STABLE. Debug-output: Working version (from 4.4-STABLE, based on BIND 8.2.4): ------------------------------------------------------- This is the last part of the output of a working update. As you can see, it asks my nameserver (192.168.203.254) for the NS Record for the destination domain (dyn.sub.org), then sends the update request to that servers ip address. :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS) :: ;; res_send() :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; ANSWER SECTION: :: dyn.sub.org. 23h10m34s IN NS goldie.jpaves.de. :: :: ;; ADDITIONAL SECTION: :: goldie.jpaves.de. 14h52m51s IN A 212.86.210.58 :: :: ;; res_send() :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: lyxys.dyn.sub.org. 0S ANY A :: lyxys.dyn.sub.org. 2m30s IN A 217.227.147.166 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: ;; Querying server (# 1) address = 212.86.210.58 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948 :: ;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: Non-Working version (from 4.5-STABLE, based on BIND 8.3.1): ----------------------------------------------------------- This is the last part of the output of a non-working update. As you can see, this time the update request is beeing sent to my own nameserver, which has nothing to do with the zone being updated. Therefore it sends back "NOTAUTH". :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS) :: ;; res_send() :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; ANSWER SECTION: :: dyn.sub.org. 23h10m4s IN NS goldie.jpaves.de. :: :: ;; ADDITIONAL SECTION: :: goldie.jpaves.de. 14h52m21s IN A 212.86.210.58 :: :: ;; res_send() :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 42327 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: lyxys.dyn.sub.org. 0S ANY A :: lyxys.dyn.sub.org. 2m30s IN A 217.227.147.166 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 42327 :: ;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: . 0S ANY TSIG . 17 >How-To-Repeat: Send update request for a zone where your own nameserver (the one in your resolv.conf) is not authoritative. >Fix: As a workaround I am currently using an old nsupdate binary. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m16he9v-003pROC>