Please remember to reply to the mailing list, not the original sender: http://gnudip2.sourceforge.net/#mailinglist
+++++++++ I suppose it is possible that there may be interoperability issues between BIND components and djbdns components. I think the BIND people have tried very hard to be compatible with standards, and probably Dan Bernstein has too. But this would not be the first time that a standard was general enough to allow incompatible interpretations. I suppose this kind of issue might best be discussed on the BIND or djbdns mailing lists, although you are welcome to use this one if you like. I suspect there would be more BIND and djbdns expertise on those lists though. === I have not looked through your traces in detail. But I expect the problem must be occuring during the "first phase" of nsupdate's operation, when it is trying to determine what server to actually send the update message to (i.e. the master server for the zone, as specified in the SOA for the zone). I would think once it new what (BIND) server to send the actual update to it would probably be OK. If there is a real need for you to have a djbdns cache in between you and the BIND server for the dynamic domain, it might be possible to modify GnuDIP to insert a "server" directive to nsupdate. This directive is currently not used because it is not available in BIND 8. If your BIND version (well, nsupdate anyway)is 9, and you have sufficient facility with Perl, you could try inserting a "server" directive telling nsupdate the server to send the update to. This might make it work. Mariano Absatz wrote: > > Please remember to reply to the mailing list, not the original sender: > > http://gnudip2.sourceforge.net/#mailinglist > > +++++++++ > > El 22 Apr 2002 a las 21:17, Thilo Bangert escribió: > > > > > On Monday, 22. April 2002 21:03, you wrote: > > > Hi, > > > > Hi > > > > > > > > I just installed GnuDIP 2.3.5 and was toying around and > > > adjusting things when it "suddenly" stopped working. I > > > couldn't update via web or via tcp... I checked and > > > noticed that in fact, I wasn't able to make a > > > successful nsupdate even via command line. > > > > > > I added "-d" to nsupdate and saw that the error message > > > said something about not getting a SOA record. > > > > > > A "host -t soa host.dyndomain.mydomain.com" didn't get > > > a SOA record but, as far as I remembered, never did. > > > The SOA belongs to dyndomain.mydomain.com not to > > > host.dyndomain.mydomain.com. > > > > > > After a while I remembered I had changed the order of > > > the nameserver entries in /etc/resolv.conf in the > > > GnuDIP host. > > > > > > Originally there was a BIND resolver (not the BIND > > > authoritative server) and I had put it below a DJB's > > > dnscache. > > > > > > After digging enough I noticed the following. > > > > > > With the BIND resolver I got the following: > > > > # dnsqr any host.dyndomain.mydomain.com > > > > 255 host.dyndomain.mydomain.com: > > > > 97 bytes, 1+0+1+0 records, response, authoritative, nxdomain > > > > query: 255 host.dyndomain.mydomain.com > > > > authority: dyndomain.mydomain.com 10 SOA ns1.dyndomain.mydomain.com > > > > hostmaster.dyndomain.mydomain.com 2002042214 10800 3600 3600000 10 > > > > > > And with DJB's dnscache: > > > > # dnsqr any host.dyndomain.mydomain.com > > > > 255 host.dyndomain.mydomain.com: > > > > 41 bytes, 1+0+0+0 records, response, authoritative, nxdomain > > > > query: 255 host.dyndomain.mydomain.com > > > > > > Note that BIND includes an authority section for > > > whoever has authority to that domain, whereas dnscache > > > does not. > > > > > > The point is, if you are using nsupdate, you CAN'T > > > resolve via dnscache. > > > > why do you conclude that? i can't seem to follow you... > > > 192.168.1.2 is running dnscache > 192.168.1.99 is running bind 8.2.3 (cache only) > > /etc/resolv.conf has > nameserver 192.168.1.2 > nameserver 192.168.1.99 > > > # nsupdate -d -v > > > update delete baby.dyn.pertisp.com.ar. in a > > > > > Reply from SOA query: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49055 > > ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > > ;baby.dyn.pertisp.com.ar. IN SOA > > > > > > response to SOA query didn't contain an SOA > > # > > nsupdate doesn't work and complains that a response to SOA query didn't contain an >SOA. > > Here's dnscache log: > 2002-04-22 16:54:53.404173500 query 28856 192.168.1.7:32834:49055 soa >baby.dyn.pertisp.com.ar. > 2002-04-22 16:54:53.404179500 cached ns pertisp.com.ar. ns1.pertisp.com.ar. > 2002-04-22 16:54:53.404182500 cached ns pertisp.com.ar. ns2.pertisp.com.ar. > 2002-04-22 16:54:53.404184500 cached a ns1.pertisp.com.ar. > 2002-04-22 16:54:53.404186500 cached a ns2.pertisp.com.ar. > 2002-04-22 16:54:53.404188500 tx 0 soa baby.dyn.pertisp.com.ar. pertisp.com.ar. >200.49.76.6 > 200.49.76.6 200.49.76.34 > 2002-04-22 16:54:53.406347500 nodata 200.49.76.6 10 6 baby.dyn.pertisp.com.ar. > > If you look at what the query for "ANY" answers, you get: > > # dnsqr any baby.dyn.pertisp.com.ar > > 255 baby.dyn.pertisp.com.ar: > > 57 bytes, 1+1+0+0 records, response, noerror > > query: 255 baby.dyn.pertisp.com.ar > > answer: baby.dyn.pertisp.com.ar 5 A 1.2.3.4 > > Now I flip the order in /etc/resolv.conf: > nameserver 192.168.1.99 > nameserver 192.168.1.2 > > > # nsupdate -d -v > > > update delete baby.dyn.pertisp.com.ar. in a > > > > > Reply from SOA query: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24278 > > ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > > ;baby.dyn.pertisp.com.ar. IN SOA > > > > ;; AUTHORITY SECTION: > > dyn.pertisp.com.ar. 10 IN SOA ns1.pertisp.com.ar. >hostmaster.pert.com.ar. 2002042215 10800 3600 3600000 10 > > > > > > Found zone name: dyn.pertisp.com.ar > > The master is: ns1.pertisp.com.ar > > > > Reply from update query: > > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 10966 > > ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > > > > > update add baby.dyn.pertisp.com.ar. 5 in a 1.2.3.4 > > > > > Reply from SOA query: > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55227 > > ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > > ;baby.dyn.pertisp.com.ar. IN SOA > > > > ;; AUTHORITY SECTION: > > dyn.pertisp.com.ar. 10 IN SOA ns1.pertisp.com.ar. >hostmaster.pert.com.ar. 2002042216 10800 3600 3600000 10 > > > > > > Found zone name: dyn.pertisp.com.ar > > The master is: ns1.pertisp.com.ar > > > > Reply from update query: > > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 49272 > > ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > > > > > Destroy DST lib > > Detach from entropy > > # > > BIND is only logging the query: > 22-Apr-2002 17:01:59.615 queries: info: >XX+/192.168.1.7/baby.dyn.pertisp.com.ar/ANY/IN > > However, if now I check via dnsqr: > > # dnsqr any baby.dyn.pertisp.com.ar > > 255 baby.dyn.pertisp.com.ar: > > 91 bytes, 1+1+1+1 records, response, authoritative, noerror > > query: 255 baby.dyn.pertisp.com.ar > > answer: baby.dyn.pertisp.com.ar 5 A 1.2.3.4 > > authority: dyn.pertisp.com.ar 7200 NS ns1.pertisp.com.ar > > additional: ns1.pertisp.com.ar 7200 A 200.49.76.6 > > I can see that BIND sent an additional AUTHORITY section which I guess is what >nsupdate is > looking for. DJB's dnscache never sent that section. > > -- > GnuDIP Mailing List > http://gnudip2.sourceforge.net/#mailinglist -- Creighton MacDonnell http://macdonnell.ca/ -- GnuDIP Mailing List http://gnudip2.sourceforge.net/#mailinglist
