 From:  Adam Gibson <agibson at ptm dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RFC 2136 Dynamic DNS using slave sometimes instead of master server
 Date:  Fri, 11 Nov 2005 15:15:09 -0500
I do not know why nsupdate in m0n0wall does not use the MNAME field in
the domain's SOA record, but I was able to resolve the problem because
bind versions 9.1.0 and later support update forwarding in slave
configurations using the allow-update-forwarding in zone configurations.

Anyone with bind versions older than that is out of luck though.

Adam Gibson wrote:
> nsupdate on m0n0wall is trying to send updates to a slave server instead 
> of the master bind nameserver specified in the MNAME portion of the 
> domain to be updated's SOA record.  This is causing some updates to get 
> lost because it fails after it tries to send it to the slave server. 
> Interestingly there are no errors by nsupdate (executing it manually 
> through exec.php) about the failure but a trace of the network traffic 
> shows that it is definitely getting denied by the slave server (as the 
> slave should reject it).
> According to all the information I can find nsupdate is supposed to send 
> updates to the master DNS server.  It obtains that by querying the SOA 
> record of the domain being updated.  This however is not what is being 
> observed.  Nsupdate on m0n0wall seems to just randomly use one of the NS 
> records for the domain to send updates to because sometimes it sends 
> updates to a slave server which are rejected.
> *note: server1.somedomain.com and server2.somedomain.com are just used 
> as example dns server hostnames
> I have checked the SOA and server1 is specified in the SOA as the MNAME. 
>  server1.somedomain.com and server2.somedomain.com are used for NS 
> records.  For some reason nsupdates are sometimes going to server2 which 
> is not in the MNAME section of the SOA.
> This is the text I found so far explaining how you can override which 
> server gets the updates and what happens by default if that is left out. 
>  The nsupdatecmds file in /var/etc/ is what seems to be generated for 
> the nsupdate configuration.
> "server servername [ port ]
>     Sends all dynamic update requests to the name server servername. 
> When no server statement is provided, nsupdate will send updates to the 
> master server of the correct zone. The MNAME field of that zone's SOA 
> record will identify the master server for that zone. port is the port 
> number on servername where the dynamic update requests get sent. If no 
> port number is specified, the default DNS port number of 53 is used."
> I can add the server part to the nsupdatecmds file manually to force the 
> updates to the master server according to this information but that of 
> course is not a good solution when the firewall reboots.
> Does anyone know why nsupdate on m0n0wall behaves this way?  Is it just 
> an old version of nsupdate?
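
The override discussed in the quoted message (an explicit `server` line so the update goes to the SOA MNAME instead of whichever NS gets picked), as an added example that is not part of the original thread or m0n0wall's own code. The function names, the sample SOA line, the host `fw.somedomain.com`, the TTL and the address are constructed for illustration; the output uses standard nsupdate commands and is not necessarily the layout m0n0wall writes to /var/etc/nsupdatecmds.

```shell
#!/bin/sh
# Added example: pin an RFC 2136 update to the zone's master (SOA MNAME).
# Constructed sample of `dig +short SOA somedomain.com` output:
SAMPLE_SOA='server1.somedomain.com. hostmaster.somedomain.com. 2005111101 3600 900 604800 86400'

# Extract the MNAME (first RDATA field) from `dig +short SOA <zone>` text.
# Only a well-formed 7-field SOA line with a plain host name is accepted, so
# unexpected resolver output cannot end up as a line in the command file.
# Prints the name without its trailing dot; returns 1 if nothing matches.
soa_mname() {
    printf '%s\n' "$1" | awk '
        NF == 7 && $1 ~ /^[A-Za-z0-9._-]+$/ {
            sub(/\.$/, "", $1); print $1; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Emit nsupdate commands with an explicit "server" statement.
# Args: soa_text zone host ttl ipv4
build_nsupdate_cmds() {
    master=$(soa_mname "$1") || {
        echo "no usable SOA/MNAME for zone $2" >&2
        return 1
    }
    printf 'server %s\n' "$master"
    printf 'zone %s\n' "$2"
    printf 'update delete %s A\n' "$3"
    printf 'update add %s %s A %s\n' "$3" "$4" "$5"
    printf 'send\n'
}

# Demo with the constructed SOA line. In real use, pass "$(dig +short SOA zone)"
# as the first argument and pipe the result to: nsupdate -k <keyfile>
build_nsupdate_cmds "$SAMPLE_SOA" somedomain.com fw.somedomain.com 60 192.0.2.10
```
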