From owner-freebsd-bugs Sun Mar 3 14:30: 9 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7A37437B405 for ; Sun, 3 Mar 2002 14:30:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g23MU1U69268; Sun, 3 Mar 2002 14:30:01 -0800 (PST) (envelope-from gnats) Received: from subnet.sub.net (subnet.sub.net [212.227.14.21]) by hub.freebsd.org (Postfix) with ESMTP id 032B337B400 for ; Sun, 3 Mar 2002 14:24:22 -0800 (PST) Received: from lyxys.ka.sub.org (uucp@localhost) by subnet.sub.net (8.11.6/8.11.6/subnet-freebsd-1.0) with bsmtp id g23MOKk91894 for FreeBSD-gnats-submit@freebsd.org; Sun, 3 Mar 2002 23:24:20 +0100 (CET) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from localhost (4715 bytes) by lyxys.ka.sub.org via sendmail with P:stdio/R:smart_host/T:inet_uusmtp (sender: ) (ident using unix) id for ; Sun, 3 Mar 2002 23:08:47 +0100 (CET) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Aug-23) Message-Id: Date: Sun, 3 Mar 2002 23:08:47 +0100 (CET) From: Wolfgang Zenker Reply-To: Wolfgang Zenker To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/35521: nsupdate fails if destination dns is not in your resolv.conf Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 35521 >Category: bin >Synopsis: nsupdate fails if destination dns is not in your resolv.conf >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 03 14:30:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Wolfgang Zenker >Release: FreeBSD 4.5-STABLE i386 >Organization: >Environment: System: FreeBSD gate.lyx 4.5-STABLE FreeBSD 4.5-STABLE #1: Sun Mar 3 17:28:22 CET 2002 wolfgang@gate.lyx:/usr/obj/usr/local/src/sys/GATE i386 >Description: Trying to use nsupdate to dynamically update a dns entry fails. It works using an nsupdate from early November (based on BIND 8.2.4) instead of the 8.3.1-based nsupdate that is now in STABLE. Debug-output: Working version (from 4.4-STABLE, based on BIND 8.2.4): ------------------------------------------------------- This is the last part of the output of a working update. As you can see, it asks my nameserver (192.168.203.254) for the NS Record for the destination domain (dyn.sub.org), then sends the update request to that servers ip address. :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS) :: ;; res_send() :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; ANSWER SECTION: :: dyn.sub.org. 23h10m34s IN NS goldie.jpaves.de. :: :: ;; ADDITIONAL SECTION: :: goldie.jpaves.de. 14h52m51s IN A 212.86.210.58 :: :: ;; res_send() :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: lyxys.dyn.sub.org. 0S ANY A :: lyxys.dyn.sub.org. 2m30s IN A 217.227.147.166 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: ;; Querying server (# 1) address = 212.86.210.58 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948 :: ;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: Non-Working version (from 4.5-STABLE, based on BIND 8.3.1): ----------------------------------------------------------- This is the last part of the output of a non-working update. As you can see, this time the update request is beeing sent to my own nameserver, which has nothing to do with the zone being updated. Therefore it sends back "NOTAUTH". :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS) :: ;; res_send() :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 :: ;; QUERY SECTION: :: ;; dyn.sub.org, type = NS, class = IN :: :: ;; ANSWER SECTION: :: dyn.sub.org. 23h10m4s IN NS goldie.jpaves.de. :: :: ;; ADDITIONAL SECTION: :: goldie.jpaves.de. 14h52m21s IN A 212.86.210.58 :: :: ;; res_send() :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 42327 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: lyxys.dyn.sub.org. 0S ANY A :: lyxys.dyn.sub.org. 2m30s IN A 217.227.147.166 :: dynsub. 0S ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. 0 :: ;; Querying server (# 1) address = 192.168.203.254 :: ;; new DG socket :: ;; got answer: :: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 42327 :: ;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1 :: ;; dyn.sub.org, type = SOA, class = IN :: . 0S ANY TSIG . 17 >How-To-Repeat: Send update request for a zone where your own nameserver (the one in your resolv.conf) is not authoritative. >Fix: As a workaround I am currently using an old nsupdate binary. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message