 From:  Adam Gibson <agibson at ptm dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RFC 2136 Dynamic DNS using slave sometimes instead of master server
 Date:  Fri, 11 Nov 2005 14:44:34 -0500
nsupdate on m0n0wall is trying to send updates to a slave server instead 
of the master bind nameserver specified in the MNAME portion of the 
domain to be updated's SOA record.  This is causing some updates to get 
lost because it fails after it tries to send it to the slave server. 
Interestingly there are no errors by nsupdate (executing it manually 
through exec.php) about the failure but a trace of the network traffic 
shows that it is definitely getting denied by the slave server (as the 
slave should reject it).

According to all the information I can find nsupdate is supposed to send 
updates to the master DNS server.  It obtains that by querying the SOA 
record of the domain being updated.  This however is not what is being 
observed.  Nsupdate on m0n0wall seems to just randomly use one of the NS 
records for the domain to send updates to because sometimes it sends 
updates to a slave server which are rejected.

*note: server1.somedomain.com and server2.somedomain.com are just used 
as example dns server hostnames

I have checked the SOA and server1 is specified in the SOA as the MNAME. 
server1.somedomain.com and server2.somedomain.com are used for NS 
records.  For some reason nsupdates are sometimes going to server2 which 
is not in the MNAME section of the SOA.

This is the text I found so far explaining how you can override which 
server gets the updates and what happens by default if that is left out. 
The nsupdatecmds file in /var/etc/ is what seems to be generated for 
the nsupdate configuration.

"server servername [ port ]
     Sends all dynamic update requests to the name server servername. 
When no server statement is provided, nsupdate will send updates to the 
master server of the correct zone. The MNAME field of that zone's SOA 
record will identify the master server for that zone. port is the port 
number on servername where the dynamic update requests get sent. If no 
port number is specified, the default DNS port number of 53 is used."

I can add the server part to the nsupdatecmds file manually to force the 
updates to the master server according to this information but that of 
course is not a good solution when the firewall reboots.

Does anyone know why nsupdate on m0n0wall behaves this way?  Is it just 
an old version of nsupdate?
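The workaround the poster describes, adding an explicit `server` statement so that nsupdate is never left to pick a nameserver on its own, as an added example that is not part of the original message and not m0n0wall's own nsupdatecmds generator. It derives the master from the SOA MNAME (here a constructed stand-in for `dig +short SOA somedomain.com` output rather than a live query) and emits the command file with the `server` line first; `somedomain.com`, the server names, `fw.somedomain.com` and `192.0.2.10` are example values only.

```shell
#!/bin/sh
# Added example (not m0n0wall code): build an nsupdate command file that
# names the zone master explicitly, so the update cannot go to a slave.

# Constructed stand-in for `dig +short SOA somedomain.com` output
# (MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM); not a real zone.
SAMPLE_SOA='server1.somedomain.com. hostmaster.somedomain.com. 2005111101 3600 900 604800 86400'

# Print the MNAME field of an SOA RDATA line, trailing dot removed.
soa_mname() {
  printf '%s\n' "$1" | awk '{ sub(/\.$/, "", $1); print $1 }'
}

# Exit 0 only when TARGET is the SOA master (the host that accepts updates).
# Usage: is_master TARGET SOA_LINE
is_master() {
  [ "$1" = "$(soa_mname "$2")" ]
}

# Emit nsupdate commands.  The leading `server` line is the fix: with it,
# nsupdate sends only to MASTER; without it, nsupdate chooses the target
# itself, which is what misfired on the poster's m0n0wall.
# Usage: gen_nsupdate_cmds MASTER ZONE FQDN IP TTL
gen_nsupdate_cmds() {
  printf 'server %s 53\n' "$1"
  printf 'zone %s\n' "$2"
  printf 'update delete %s A\n' "$3"
  printf 'update add %s %s A %s\n' "$3" "$5" "$4"
  printf 'send\n'
}

# Stand-alone demonstration: classify the zone's NS hosts, then generate
# the command file for the one that is the master.
demo() {
  master=$(soa_mname "$SAMPLE_SOA")
  for ns in server1.somedomain.com server2.somedomain.com; do
    if is_master "$ns" "$SAMPLE_SOA"; then
      echo "$ns: SOA master, updates accepted here"
    else
      echo "$ns: slave, an update sent here would be rejected"
    fi
  done
  echo "--- generated nsupdatecmds ---"
  gen_nsupdate_cmds "$master" somedomain.com fw.somedomain.com 192.0.2.10 300
}

demo
```

Feed the generated text to `nsupdate` as m0n0wall does with /var/etc/nsupdatecmds; running it once with `nsupdate -d` shows in the debug output which server the request was actually sent to, which is a quicker check than a packet trace.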