Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: NOTAUTH on dynamic zone update

2,726 views
Skip to first unread message

Mark Andrews

unread,
Feb 17, 2009, 3:54:30 PM2/17/09
to

In message <gnalak$f16$1...@news.motzarella.org>, Benedikt Gollatz writes:
> Hello everyone,
>
> I use nsupdate to dynamically update a reverse lookup zone hosted by my
> BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys,
> added an appropriate "key" section to my configuration, added the updating
> host to the "controls" section, and added an "allow-update" parameter to the
> zone configuration like this:
>
> zone "[...]" in {
> type master;
> [...]
> allow-update { key "key-name"; };
> };
>
> I pass the key to nsupdate using one (either) of the keyfiles generated by
> dnssec-keygen with the -k parameter.
>
> Unfortunately this doesn't work. When running nsupdate, I get a "failed: not
> authoritative for update zone (NOTAUTH)" error in my server log file, and no
> updating is done.

The zone section in the update message does NOT match a
master/slave zone configured in the view that the update
message matched.

Mark

> I'm confused about the error message because both the BIND configuration file
> and the SOA record of the zone state that the server indeed is authoritative
> for the update zone.
>
> Also, this configuration works fine with a dhcpd updating a different zone
> hosted by the same server.
>
> Googling yields a few people with similar problems but no real solution. Any
> hints on what I might be doing wrong are appreciated.
>
> Benedikt
>
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org
_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Benedikt Gollatz

unread,
Feb 17, 2009, 4:55:35 PM2/17/09
to
Mark Andrews wrote:
> In message <gnalak$f16$1...@news.motzarella.org>, Benedikt Gollatz writes:
>> Unfortunately this doesn't work. When running nsupdate, I get a "failed:
>> not authoritative for update zone (NOTAUTH)" error in my server log file,
>> and no updating is done.
>
> The zone section in the update message does NOT match a
> master/slave zone configured in the view that the update
> message matched.

You're right, the zone section in the update message referred to a zone in
the same domain as the one configured in named.conf (and hosted by the same
zonefile) but not the configured zone itself. Correcting that solved the
problem.

Thanks.

0 new messages