nsupdate on m0n0wall is trying to send updates to a slave server instead
of the master bind nameserver specified in the MNAME portion of the
domain to be updated's SOA record. This is causing some updates to get
lost because it fails after it tries to send it to the slave server.
Interestingly there are no errors by nsupdate (executing it manually
through exec.php) about the failure but a trace of the network traffic
shows that it is definitely getting denied by the slave server (as the
slave should reject it).
According to all the information I can find nsupdate is supposed to send
updates to the master DNS server. It obtains that by querying the SOA
record of the domain being updated. This however is not what is being
observed. Nsupdate on m0n0wall seems to just randomly use one of the NS
records for the domain to send updates to because sometimes it sends
updates to a slave server which are rejected.
*note: server1.somedomain.com and server2.somedomain.com are just used
as example dns server hostnames
I have checked the SOA and server1 is specified in the SOA as the MNAME.
server1.somedomain.com and server2.somedomain.com are used for NS
records. For some reason nsupdates are sometimes going to server2 which
is not in the MNAME section of the SOA.
This is the text I found so far explaining how you can override which
server gets the updates and what happens by default if that is left out.
The nsupdatecmds file in /var/etc/ is what seems to be generated for
the nsupdate configuration.
"server servername [ port ]
Sends all dynamic update requests to the name server servername.
When no server statement is provided, nsupdate will send updates to the
master server of the correct zone. The MNAME field of that zone's SOA
record will identify the master server for that zone. port is the port
number on servername where the dynamic update requests get sent. If no
port number is specified, the default DNS port number of 53 is used."
I can add the server part to the nsupdatecmds file manually to force the
updates to the master server according to this information but that of
course is not a good solution when the firewall reboots.
Does anyone know why nsupdate on m0n0wall behaves this way? Is it just
an old version of nsupdate?
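An added example, not part of the post above and not m0n0wall's own code: a small POSIX shell snippet that derives the zone's master from the SOA MNAME and writes an nsupdate command file with an explicit `server` line, which is the override the quoted nsupdate text describes. The `server`/`zone`/`update`/`send` lines are standard nsupdate command syntax; the hostnames, zone, record and address values are constructed for illustration, and the output path defaults to the `/var/etc/nsupdatecmds` file mentioned in the post. Because m0n0wall regenerates that file, a script like this only helps if it is hooked into whatever produces the file at boot.

```shell
#!/bin/sh
# Added example (not from the original post or m0n0wall): pin nsupdate's
# target to the zone's SOA MNAME so updates are never sent to a slave.
# All hostnames, zone names and addresses here are constructed samples.

# Extract the MNAME (first field) from SOA RDATA as printed by
# "dig +short SOA <zone>", e.g.
#   "server1.somedomain.com. hostmaster.somedomain.com. 2024010101 3600 900 604800 86400"
mname_from_soa() {
    set -- $1
    printf '%s\n' "$1"
}

# Emit nsupdate commands for an A-record refresh, with an explicit
# "server" statement so the master named in the SOA is always used.
# $1 = master hostname, $2 = zone, $3 = FQDN to update, $4 = IPv4 address
build_nsupdate_cmds() {
    master=$1; zone=$2; fqdn=$3; addr=$4
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s 300 A %s\nsend\n' \
        "$master" "$zone" "$fqdn" "$fqdn" "$addr"
}

# Real-world glue: query the SOA with dig and write the command file.
# Needs network access, so it is not exercised offline; the two helpers
# above do the work and can be checked with constructed input.
write_cmds_file() {
    zone=$1; fqdn=$2; addr=$3; out=${4:-/var/etc/nsupdatecmds}
    soa=$(dig +short SOA "$zone") || return 1
    master=$(mname_from_soa "$soa")
    [ -n "$master" ] || { echo "no SOA found for $zone" >&2; return 1; }
    build_nsupdate_cmds "$master" "$zone" "$fqdn" "$addr" > "$out"
}

# Usage (would run on the firewall, not here):
#   write_cmds_file somedomain.com host.somedomain.com 192.0.2.10
#   nsupdate /var/etc/nsupdatecmds
```

Checking that the generated file really starts with `server <MNAME>` before running `nsupdate` is the quick way to confirm the override is in place; if the first line is missing or names a slave, nsupdate falls back to its own server selection, which is exactly the behaviour the post is trying to avoid.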