Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze2
Severity: normal

After upgrading from version 1:9.7.3.dfsg-1~squeeze1, DHCP updates started to fail
with syslog messages like:
> Jun 29 09:10:35 xuxa dhcpd: DHCPOFFER on 192.168.37.234 to 64:31:50:64:bd:ad 
> (DHCP-POR2) via eth0
> Jun 29 09:10:35 xuxa named[27763]: client 127.0.0.1#51206: request has 
> invalid signature: TSIG rndc-key: tsig verify failure (BADSIG)
> Jun 29 09:10:35 xuxa named[27763]: client 138.4.37.12#57189: request has 
> invalid signature: TSIG rndc-key: tsig verify failure (BADSIG)
> Jun 29 09:10:35 xuxa dhcpd: Unable to add forward map from 
> DHCP-POR2.intranet. to 192.168.37.234: bad DNS signature

Even a simple rndc status fails:
> xuxa:~# rndc status
> rndc: connection to remote host closed
> This may indicate that
> * the remote server is using an older version of the command protocol,
> * this host is not authorized to connect,
> * the clocks are not synchronized, or
> * the key is invalid.

Thanks


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bind9 depends on:
di  adduser          3.112+nmu2              add and remove users and groups
ii  bind9utils       1:9.7.3.dfsg-1~squeeze2 Utilities for BIND
di  debconf [debconf 1.5.36.1                Debian configuration management sy
ii  libbind9-60      1:9.7.3.dfsg-1~squeeze2 BIND9 Shared Library used by BIND
di  libc6            2.11.2-10               Embedded GNU C Library: Shared lib
di  libcap2          1:2.19-3                support for getting/setting POSIX.
di  libdb4.8         4.8.30-2                Berkeley v4.8 Database Libraries [
ii  libdns69         1:9.7.3.dfsg-1~squeeze2 DNS Shared Library used by BIND
ii  libgssapi-krb5-2 1.8.3+dfsg-4squeeze1    MIT Kerberos runtime libraries - k
ii  libisc62         1:9.7.3.dfsg-1~squeeze2 ISC Shared Library used by BIND
ii  libisccc60       1:9.7.3.dfsg-1~squeeze2 Command Channel Library used by BI
ii  libisccfg62      1:9.7.3.dfsg-1~squeeze2 Config File Handling Library used 
ii  libldap-2.4-2    2.4.23-7.2              OpenLDAP libraries
ii  liblwres60       1:9.7.3.dfsg-1~squeeze2 Lightweight Resolver Library used 
di  libssl0.9.8      0.9.8o-4squeeze1        SSL shared libraries
ii  libxml2          2.7.8.dfsg-2+squeeze1   GNOME XML library
di  lsb-base         3.2-23.2squeeze1        Linux Standard Base 3.2 init scrip
di  net-tools        1.60-23                 The NET-3 networking toolkit
di  netbase          4.45                    Basic TCP/IP networking system

bind9 recommends no packages.

Versions of packages bind9 suggests:
ii  bind9-doc        1:9.7.3.dfsg-1~squeeze2 Documentation for BIND
ii  dnsutils         1:9.7.3.dfsg-1~squeeze2 Clients provided with BIND
di  resolvconf       1.46                    name server information handler
pn  ufw              <none>                  (no description available)

-- Configuration Files:
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
    // Other views
zone "gr.ssr.upm.es" {
        type master;
        file "/etc/bind/db.gr.ssr.upm.es";
        check-names warn;
        allow-transfer {upm-nets;};
        notify yes;
};
zone "list.gr.ssr.upm.es" {
        type master;
        file "/etc/bind/db.list.gr.ssr.upm.es";
        check-names warn;
        allow-transfer {upm-nets;};
        notify yes;
};
zone "intranet" {
        type master;
        file "/etc/bind/db.intranet";
        check-names warn;
        //allow-update {138.4.37.12;};
        allow-update {key rndc-key;};
        allow-transfer {our-nets;};
};
zone "wifi" {
        type master;
        file "/etc/bind/db.wifi";
        check-names warn;
        allow-transfer {our-nets;};
        //allow-update {138.4.37.12;};
        allow-update {key rndc-key;};
};
zone "37.4.138.in-addr.arpa" {
         type master;
         file "/etc/bind/db.138.4.37";
        check-names warn;
        allow-transfer {upm-nets;};
        notify yes;
};
zone "37.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.37";
        check-names warn;
        allow-transfer {our-nets;};
        //allow-update {138.4.37.12;};
        allow-update {key rndc-key;};
        };
zone "38.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.38";
        check-names warn;
        allow-transfer {our-nets;};
        //allow-update {138.4.37.12;};
        allow-update {key rndc-key;};
        };
//1.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.arpa
zone     "0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.arpa" {
        type master;
        file "/etc/bind/db.ipv6.fce0.0000.0000.0000";
        check-names warn;
        allow-transfer {our-nets;};
        allow-update {key rndc-key;};
};
zone     "0.0.0.0.0.0.0.0.1.0.0.0.0.c.e.f.ip6.arpa" {
        type master;
        file "/etc/bind/db.ipv6.fce0.0001.0000.0000";
        check-names warn;
        allow-transfer {our-nets;};
        allow-update {key rndc-key;};
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";

/etc/bind/named.conf.options changed:
acl our-nets {
        localhost;138.4.37.0/26; 192.168.37/24; 192.168.38.38/24; 138.4.47.43;  
};
acl upm-nets {
        localhost;138.4.0.0/16; 138.100.0.0/16;
};
include "/etc/bind/rndc.key";
options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.
        // forwarders {
        //      0.0.0.0;
        // };
        auth-nxdomain no;    # conform to RFC1035
        //recursion no;
        allow-recursion {localhost; localnets; 138.4.37.0/25; 192.168.37/24; 
192.168.38/24;};
        listen-on-v6 { any; };
};


-- debconf information:
* bind9/different-configuration-file:
* bind9/run-resolvconf: false
* bind9/start-as-user: bind
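
A triage helper for the log lines quoted in this report, added here as an example and not part of the original report or of BIND: it groups named's TSIG failures by key and error code and flags a key that fails from both loopback and a remote client. The BADKEY and BADTIME entries and the `server_side_suspected` heuristic go beyond what the report shows and are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the report's named/dhcpd lines, unwrapped onto single lines.
SAMPLE_LOG = """\
Jun 29 09:10:35 xuxa dhcpd: DHCPOFFER on 192.168.37.234 to 64:31:50:64:bd:ad (DHCP-POR2) via eth0
Jun 29 09:10:35 xuxa named[27763]: client 127.0.0.1#51206: request has invalid signature: TSIG rndc-key: tsig verify failure (BADSIG)
Jun 29 09:10:35 xuxa named[27763]: client 138.4.37.12#57189: request has invalid signature: TSIG rndc-key: tsig verify failure (BADSIG)
Jun 29 09:10:35 xuxa dhcpd: Unable to add forward map from DHCP-POR2.intranet. to 192.168.37.234: bad DNS signature
"""

# named's message format as it appears in the log lines above.
TSIG_FAIL = re.compile(
    r"named\[\d+\]: client (?P<addr>[0-9A-Fa-f.:]+)#\d+: "
    r"request has invalid signature: TSIG (?P<key>\S+): "
    r".*\((?P<code>BAD[A-Z]+)\)"
)

HINTS = {  # TSIG error names from RFC 2845; typical causes, not a diagnosis
    "BADSIG": "MAC did not verify: secret or algorithm differs between the ends",
    "BADKEY": "key name unknown to the server",
    "BADTIME": "clock skew outside the fudge window",
}
LOOPBACK = ("127.0.0.1", "::1")


def summarize_tsig_failures(log_text):
    """Group TSIG failures by (key, code) with the distinct client addresses."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = TSIG_FAIL.search(line)
        if m:
            clients[(m["key"], m["code"])].add(m["addr"])
    report = []
    for (key, code), addrs in sorted(clients.items()):
        report.append({
            "key": key,
            "code": code,
            "clients": sorted(addrs),
            # Heuristic (assumption): one key failing from loopback and from a
            # remote address points at the server or the shared key material,
            # not at a single misconfigured client.
            "server_side_suspected": len(addrs) > 1
            and any(a in LOOPBACK for a in addrs),
            "hint": HINTS.get(code, "unrecognized TSIG error"),
        })
    return report


if __name__ == "__main__":
    for row in summarize_tsig_failures(SAMPLE_LOG):
        print(row)
```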


