[cumbria_lug] Dynamic Updates in BIND 9 Serving XP and 2003 Server

Malcolm Logan malcolm.logan at stl.org
Tue Jan 3 15:05:46 GMT 2006


After sitting watching the logs for a while I saw

Jan  3 12:08:11 lion named[5910]: client 172.17.7.101#1146: updating
zone 'bravura.stl.org/IN': update unsuccessful:
ca_mlogan.bravura.stl.org/A: 'RRset exists (value dependent)'
prerequisite not satisfied (NXRRSET)
Jan  3 12:08:11 lion named[5910]: zone bravura.stl.org/IN:
ca_mlogan.bravura.stl.org/A: bad owner name (check-names)

Where lion is the BIND9 server and ca_mlogan is the client.

I added the option 'check-names ignore' to the appropriate zones in
named.conf and the problem appears to be solved. 

Many thanks for your suggestions Trevor.

M

-----Original Message-----
From: Malcolm Logan 
Sent: 03 January 2006 11:02
To: 'Cumbria LUG'
Subject: RE: [cumbria_lug] Dynamic Updates in BIND 9 Serving XP and 2003
Server

Trevor,

Thanks for your email. I have turned off SELinux and unfortunately it has
made no difference.

I'm wondering if I've understood the Dynamic Updates feature of BIND9
correctly. My understanding is that as long as I allow these in the
named.conf file per zone with 'allow-update' (in conjunction with the
appropriate IP address based ACL) then when I instruct an XP client to
use the BIND9 server as its primary DNS server then the XP client should
register its own IP address and a some_zone.jnl should be created in the
named directory.

I'm pretty certain I've got that right but I may be mistaken?

M

-----Original Message-----
From: cumbria-bounces at mailman.lug.org.uk
[mailto:cumbria-bounces at mailman.lug.org.uk] On Behalf Of Trevor Pearson
Sent: 01 January 2006 17:32
To: Cumbria LUG
Subject: Re: [cumbria_lug] Dynamic Updates in BIND 9 Serving XP and 2003
Server

Malcolm Logan wrote:

>Hello All,
>
>I'm desperate :(
>
>I've just set up BIND 9 on Fedora to serve our XP/2003 network as we are
>having several replication issues and want to ditch the seemingly flaky
>2003 DNS services.
>
>Anyway, I've followed Cricket Liu's recipe in the DNS and Bind Cookbook
>and BIND starts fine. I can do the usual queries etc from an XP client
>but only for static entries to the zone files. I have acl's defined in
>the named.conf file and have added these to the zones I want to be able
>to update.
>
>Restarted the named server and pointed an XP client at it then restarted
>the client. I can see no evidence of any dynamic updates happening. Can't
>'nslookup client_host_name' from the client, can't see any '.jnl' files
>appearing on the DNS server (these are the files that hold the dynamic
>updates).
>
>The ultimate AIM is to switch off winDNS and use BIND. I desperately
>need the dynamic bit to work though as the Domain Controllers use
>dynamic DNS to 'announce' the services they are hosting.
>
>I wanted to set this up over the holiday period so it was ready when
>everyone arrives back at work... boohoo.
>
>Has anybody successfully implemented a BIND 9 server providing DNS for a
>win XP/Server 2003 domain? If so could you get in touch - I'd really
>appreciate some input from someone who already has this working.
>
>Malcolm
>
>
>_____________________________________________________________________
>This e-mail has been scanned for viruses by MCI's Internet Managed
>Scanning Services - powered by MessageLabs. For further information
>visit http://www.mci.com .
>
>_______________________________________________
>Cumbria mailing list
>Cumbria at mailman.lug.org.uk
>http://mailman.lug.org.uk/mailman/listinfo/cumbria
>http://www.cumbria.lug.org.uk
>
>  
>
Malcolm,

I don't have enough time this week to figure out what problem you're
having, but I guess there are one or two places you might look. Firstly,
there is the Linux Documentation Project Network Admin Guide at:

http://www.tldp.org/LDP/nag2/index.html
http://www.tldp.org/LDP/nag2/x-087-2-resolv.html

Also, it might be a conflict between your setup and recent changes to the
Fedora distro (3 + 4). Some difficulties with system daemons are due to
having 'SELinux' running in 'Secure policy' mode. Try looking under
'System Settings', 'security level', and if SELinux is enabled check that
you are using 'targeted' and not 'secure' policy. Then there is a 'Name
Service' section; try ticking the 'allow' boxes, as the default is to
not-allow such things as writing to the Master Zone file (it uses the
term 'overwrite', which could well be the cause of your trouble). If you're
still having trouble, try turning SELinux off.

Do let us know if any of this is helpful or if you have tried any of
these things.

Trev

-- 

Trevor Pearson

Home: 01900 62373

E-Mail:trevor at haven.demon.co.uk
E-Mail:Trevor.Pearson at bcs.org
E-Mail:trev15evil at yahoo.co.uk

Yim: trev15evil
Skype: trev15evil

http://www.haven.demon.co.uk
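
Added example, not part of the original thread: a small Python pass over named's syslog output that pairs each check-names rejection, like the one in the log at the top of this thread, with the client whose failed update named the same record, and reports which label breaks the letters-digits-hyphen hostname rule. The sample lines are the two entries from the post, unwrapped to one per line; all function and variable names are assumptions of this sketch.

```python
import re

# Constructed sample: the two log entries from the post, one entry per line.
SAMPLE_LOG = """\
Jan  3 12:08:11 lion named[5910]: client 172.17.7.101#1146: updating zone 'bravura.stl.org/IN': update unsuccessful: ca_mlogan.bravura.stl.org/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Jan  3 12:08:11 lion named[5910]: zone bravura.stl.org/IN: ca_mlogan.bravura.stl.org/A: bad owner name (check-names)
"""

# A dynamic update that named refused, with the client address that sent it.
UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<client>[0-9a-fA-F.:]+)#\d+: updating zone "
    r"'(?P<zone>[^/']+)/IN': update unsuccessful: "
    r"(?P<owner>\S+)/(?P<rtype>\w+): (?P<reason>.+)$")
# The check-names complaint itself, which carries no client address.
CHECK_RE = re.compile(
    r"named\[\d+\]: zone (?P<zone>[^/\s]+)/IN: (?P<owner>\S+)/(?P<rtype>\w+): "
    r"bad owner name \(check-names\)")

# Hostname label rule (RFC 952/1123): letters, digits and hyphen only,
# 1 to 63 characters, no hyphen at either end. An underscore fails it.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def bad_labels(owner):
    """Return the labels of an owner name that are not valid hostname labels."""
    return [l for l in owner.rstrip(".").split(".") if not LABEL_RE.match(l)]

def analyse(log_text):
    """Pair each check-names rejection with the client that tried the update."""
    clients = {}    # (zone, owner) -> last client seen failing an update on it
    findings = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            clients[(m["zone"], m["owner"])] = m["client"]
            continue
        m = CHECK_RE.search(line)
        if m:
            findings.append({
                "zone": m["zone"], "owner": m["owner"], "rtype": m["rtype"],
                "client": clients.get((m["zone"], m["owner"])),
                "bad_labels": bad_labels(m["owner"]),
            })
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Knowing which owner names are being rejected, and from which clients, makes it possible to rename the offending hosts or to confine 'check-names ignore' to the zones that actually need it.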




