#1
    Unable to get BIND9 to update ddns - getting NOTZONE and SERVFAIL errors


    When I run nsupdate to test ddns updating, I get a couple levels of failure. On adding the reverse zone, I get NOTZONE. Then on adding the forward zone entry, I get SERVFAIL. I've reached the end of Google in trying to identify what I'm doing wrong - does anyone see what's the problem here? I'm not even getting into DHCPD yet, though I have it all configured and ready to go.

    Code:
    nsupdate
    > server ns1.office.somecompany.com
    > key rndc-key xxxxxxxxxxxxxxxxxxxxxxx==
    > zone office.somecompany.com.
    > update add 55.4.168.192.in-addr.arpa. 600 IN PTR stinky.office.somecompany.com.
    > send
    update failed: NOTZONE
    > update add stinky.office.somecompany.com. 600 IN A 192.168.4.55
    > send
    update failed: SERVFAIL
  2. #2
    Nice... hit send by mistake. So continuing....

    If I put the above commands into a file (test.bind.ddns) and add the debug switch, my output, to me, is no more helpful:
    Code:
    [root@ns1 ~]# nsupdate -d test.bind.ddns
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   2851
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; UPDATE SECTION:
    55.4.168.192.in-addr.arpa. 600  IN      PTR     stinky.office.somecompany.com.
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 aaaaaaaaaaaaaaaaaaaaaa== 2851 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id:   2851
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 bbbbbbbbbbbbbbbbbbbbbb== 2851 NOERROR 0
    
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  13185
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; UPDATE SECTION:
    stinky.office.somecompany.com. 600 IN A 192.168.4.55
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 cccccccccccccccccccccc== 13185 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id:  13185
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 dddddddddddddddddddddd== 13185 NOERROR 0
    
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  56384
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 ffffffffffffffffffffff== 56384 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  56384
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 gggggggggggggggggggggg== 56384 NOERROR 0
    
    [root@ns1 ~]#
    Here are my config files...

    Code:
    /etc/named.conf ==========
    options {
     directory "/var/named";
     recursion yes;
     allow-recursion { trusted; };
     listen-on { 192.168.4.25; };
     allow-query { 192.168.4/24; 127.0.0.1; };
     allow-transfer { 192.168.4/24; 127.0.0.1; };
     forwarders {
      8.8.8.8;
      8.8.4.4;
      };
     };
    
    key "rndc-key" {
     algorithm hmac-md5;
     secret "xxxxxxxxxxxxxxxxxxxxxx==";
     };
    
    acl "trusted" {
     192.168.4.0/24;
     };
    
    zone "." IN {
     type hint;
     file "named.ca";
     };
    
    # forward lookup
    zone "office.somecompany.com" {
     type master;
     file "/var/named/forward.office.somecompany.com";
     allow-update { key rndc-key; };
     };
    
    # reverse lookup
    zone "168.192.4.in-addr.arpa" {
     type master;
     file "/var/named/reverse.office.somecompany.com";
     allow-update { key rndc-key; };
     };
    ==========
    Code:
    /var/named/reverse.office.somecompany.com ==========
    $TTL 604800
    @ IN SOA office.somecompany.com. tj.hooker.us. (
     2015021503     ; Serial YYYYMMDD0x
     604800         ; Refresh (1 week)
     86400          ; Retry (1 day)
     2419200        ; Expire (4 weeks)
     604800 )       ; Negative Cache TTL (1 week)
    ; name servers
     IN NS ns1.office.somecompany.com.
     IN NS ns2.office.somecompany.com.
    ; PTR records
    25 IN PTR ns1.office.somecompany.com.
    26 IN PTR ns2.office.somecompany.com.
    14 IN PTR fileserv01.office.somecompany.com.
    ==========
    Code:
    /var/named/forward.office.somecompany.com ==========
    $TTL    604800
    @ IN SOA ns1.office.somecompany.com. tj.hooker.us. (
     2015021511     ; Serial YYYYMMDD1x
     604800         ; Refresh (1 week)
     86400          ; Retry (1 day)
     2419200        ; Expire (4 weeks)
     604800 )       ; Negative Cache TTL (1 week)
    ; name servers - NS records
     IN NS ns1.office.somecompany.com.
     IN NS ns2.office.somecompany.com.
    ; A records for name servers
    ns1.office.somecompany.com. IN A 192.168.4.25
    ns2.office.somecompany.com. IN A 192.168.4.26
    ; Other A records
    fileserv01.office.somecompany.com. IN A 192.168.4.14
    ==========
    Feel free to tell me about anything else I messed up. It took me quite a while to find out that spaces at the beginning of the line in the zone files were not a good thing. I've been working on this for weeks now, so I'm close to becoming Amish.

    -Jeff
  4. #3
    ... I got cut off by hitting the wrong key... then this might be a duplicate... I'm such a newbie. Anyway, to continue my above post...

    If I put the above commands into a file (test.bind.ddns) and add the debug switch, my output, to me, is no more helpful:
    Code:
    ==========
    [root@ns1 ~]# nsupdate -d test.bind.ddns
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   2851
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; UPDATE SECTION:
    55.4.168.192.in-addr.arpa. 600  IN      PTR     stinky.office.somecompany.com.
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 aaaaaaaaaaaaaaaaaaaaaa== 2851 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id:   2851
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 bbbbbbbbbbbbbbbbbbbbbb== 2851 NOERROR 0
    
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  13185
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; UPDATE SECTION:
    stinky.office.somecompany.com. 600 IN A 192.168.4.55
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 cccccccccccccccccccccc== 13185 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id:  13185
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 dddddddddddddddddddddd== 13185 NOERROR 0
    
    Sending update to 192.168.4.25#53
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  56384
    ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 ffffffffffffffffffffff== 56384 NOERROR 0
    
    
    Reply from update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  56384
    ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
    ;; ZONE SECTION:
    ;office.somecompany.com. IN    SOA
    
    ;; TSIG PSEUDOSECTION:
    rndc-key.               0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1424040289 300 16 gggggggggggggggggggggg== 56384 NOERROR 0
    
    [root@ns1 ~]#
    ==========
    Here are the config files:
    Code:
    /etc/named.conf ==========
    options {
     directory "/var/named";
     recursion yes;
     allow-recursion { trusted; };
     listen-on { 192.168.4.25; };
     allow-query { 192.168.4/24; 127.0.0.1; };
     allow-transfer { 192.168.4/24; 127.0.0.1; };
     forwarders {
      8.8.8.8;
      8.8.4.4;
      };
     };
    
    key "rndc-key" {
     algorithm hmac-md5;
     secret "xxxxxxxxxxxxxxxxxxxxxx==";
     };
    
    acl "trusted" {
     192.168.4.0/24;
     };
    
    zone "." IN {
     type hint;
     file "named.ca";
     };
    
    # forward lookup
    zone "office.somecompany.com" {
     type master;
     file "/var/named/forward.office.somecompany.com";
     allow-update { key rndc-key; };
     };
    
    # reverse lookup
    zone "168.192.4.in-addr.arpa" {
     type master;
     file "/var/named/reverse.office.somecompany.com";
     allow-update { key rndc-key; };
     };
    
    ==========
    Code:
    /var/named/reverse.office.somecompany.com ==========
    $TTL 604800
    @ IN SOA office.somecompany.com. tj.hooker.us. (
     2015021503     ; Serial YYYYMMDD0x
     604800         ; Refresh (1 week)
     86400          ; Retry (1 day)
     2419200        ; Expire (4 weeks)
     604800 )       ; Negative Cache TTL (1 week)
    ; name servers
     IN NS ns1.office.somecompany.com.
     IN NS ns2.office.somecompany.com.
    ; PTR records
    25 IN PTR ns1.office.somecompany.com.
    26 IN PTR ns2.office.somecompany.com.
    14 IN PTR fileserv01.office.somecompany.com.
    ==========
    Code:
    /var/named/forward.office.somecompany.com ==========
    $TTL    604800
    @ IN SOA ns1.office.somecompany.com. tj.hooker.us. (
     2015021511     ; Serial YYYYMMDD1x
     604800         ; Refresh (1 week)
     86400          ; Retry (1 day)
     2419200        ; Expire (4 weeks)
     604800 )       ; Negative Cache TTL (1 week)
    ; name servers - NS records
     IN NS ns1.office.somecompany.com.
     IN NS ns2.office.somecompany.com.
    ; A records for name servers
    ns1.office.somecompany.com. IN A 192.168.4.25
    ns2.office.somecompany.com. IN A 192.168.4.26
    ; Other A records
    fileserv01.office.somecompany.com. IN A 192.168.4.14
    ==========
    I've been working on this a couple weeks now - it's kind of making me crazy
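
Added example, not part of the original posts: a pre-flight check for an nsupdate batch. It flags update names that lie outside the declared `zone` (RFC 2136 defines NOTZONE as exactly that condition) and `zone` statements that match no zone in named.conf, and it derives the in-addr.arpa zone name for a /24. The function names and the `SERVED` and `BATCH` constants are assumptions of this example; the zone names and batch lines are copied from the posts above.

```python
import ipaddress

def labels(name):
    """Lower-cased DNS labels of a name, ignoring the trailing dot."""
    return [l for l in name.lower().split(".") if l]

def in_zone(name, zone):
    """True when `name` is at or below `zone`; an UPDATE outside it gets NOTZONE."""
    n, z = labels(name), labels(zone)
    return n[len(n) - len(z):] == z

def reverse_zone_24(network):
    """in-addr.arpa zone name for an IPv4 /24 such as 192.168.4.0/24."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only IPv4 /24 networks are handled")
    # reverse_pointer of 192.168.4.0 is '0.4.168.192.in-addr.arpa'; drop the host label.
    return net.network_address.reverse_pointer.split(".", 1)[1] + "."

def preflight(batch, served_zones):
    """Scan an nsupdate batch; return findings as (line_no, code, detail)."""
    findings, zone = [], None
    for no, raw in enumerate(batch.splitlines(), 1):
        parts = raw.strip().lstrip("> ").split()  # tolerate the interactive '> ' prompt
        if len(parts) >= 2 and parts[0] == "zone":
            zone = parts[1]
            if not any(labels(zone) == labels(s) for s in served_zones):
                findings.append((no, "UNSERVED", zone))
        elif len(parts) >= 3 and parts[0] == "update" and zone is not None:
            if not in_zone(parts[2], zone):
                findings.append((no, "NOTZONE", f"{parts[2]} not in {zone}"))
    return findings

# Zone names as declared in the named.conf posted above.
SERVED = ["office.somecompany.com", "168.192.4.in-addr.arpa"]

# The batch from the first post (key line omitted).
BATCH = """\
server ns1.office.somecompany.com
zone office.somecompany.com.
update add 55.4.168.192.in-addr.arpa. 600 IN PTR stinky.office.somecompany.com.
send
update add stinky.office.somecompany.com. 600 IN A 192.168.4.55
send
"""

if __name__ == "__main__":
    for finding in preflight(BATCH, SERVED):
        print(finding)
    print("reverse zone for 192.168.4.0/24:", reverse_zone_24("192.168.4.0/24"))
```

The check reports the PTR update on line 3 as outside `office.somecompany.com.`, and the computed reverse zone name for 192.168.4.0/24 differs from the `168.192.4.in-addr.arpa` zone declared in the posted named.conf.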
