In message <8741727B99C1AE4488FA3A4CD77D7B6E06A6CAA2@MX-DS0-HQ.minervanetworks. com>, Gary Greene writes: > I'm trying to get bind to use ddns updates for our environment, however > I'm getting errors in the logs on the system that the host is being > denied from making the changes. > > Currently, I'm only allowing certain hosts to update their records, as a > test. > > The stanza for update-policy follows: > > zone "minervanetworks.com" { > type master; > notify yes; > update-policy { > grant ggreene-imac$@MINERVANETWORKS.COM ms-self * A; > grant cvallejo-w7-lt$@MINERVANETWORKS.COM ms-self * A; > grant cvallejo-test-w7-lt$@MINERVANETWORKS.COM ms-self * A; > }; > file "/etc/named.d/minervanetworks.zone"; > check-names ignore; > }; > > The error I see in the logs: > Mar 28 15:57:29 ns1 named[11482]: client 10.5.1.11#52418: view internal: > update 'minervanetworks.com/IN' denied > > The reverse zones work, as they are setup to allow dhcpd to make the > changes (and they work correctly), however the forward zone does not. > > Any insight would be great. Thanks. > > -- > Gary L. Greene, Jr. > Sr. Systems Administrator > IT Operations > Minerva Networks, Inc. > Cell: (650) 704-6633
My bet is that it is that the machines are trying to add AAAA records. Allow both AAAA and A records and they updates should succeed. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users