And the gold star goes to John.  Thanks John for thinking with me.

And of course thanks also go to everyone else who kicked in.

For posterity and by way of explanation:

Because of the views and the fact the update was coming from dhcpd on localhost, the 'localhost_resolver' view was taking over and disallowing the update because it couldn't find the key "matched to the internal zone" anywhere, as of course neither could the rest of the www where it was further forwarding the request. Once I included the internal zones into the 'localhost_resolver' view, hey presto!

I created the views pretty much carbon copy from the sample file in /usr/share/doc that comes with this dist. of BIND. That file states (verbatim);

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

The sample file does also state;

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

But doesn't state when/why/etc. Nor does the manpage. In fact, nothing I read anywhere made any determination of difference between running a DHCP->DDNS setup on a single box or separate boxes. What the hell does "probably" mean in that context?

To be fair, I had already tried including the internal zones in the 'localhost_resolver' view on my original host, but when I started BIND thereafter, syslog showed each defined zone being loaded twice, so I had discounted that as being "not good" (obviously something else going on on the original host).

And no level of debugging log BIND enabled me to set up provided any clues (any mortal could fathom anyway) as to why it wasn't authorised.

Thanks again all.

It's easy when you know how.

------------------------------------------------------------------------
Kind Regards

Kyle

On 17/02/11 6:24 PM, John Clarke wrote:
This is just a guess because I've pretty much hit the limits of my
knowledge, and I've never used BIND's views, but could it be something
to do with the different views you've configured?  You're trying to do
the update from localhost, so that matches the view
"localhost_resolver", but updates aren't allowed in that view
configuration.  Updates are allowed in the view "internal", which also
matches localhost, but I wonder if BIND is simply using the first match
and thus disallowing updates?

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
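
The first-match view selection discussed in this thread, as an added example that is not part of the original posts or of BIND itself: a small Python model that shows which view a dynamic update lands in and which dynamic zones an earlier view hides from a given client. The zone name, key name and the 192.168.1.0/24 network are constructed placeholders; only the view names come from the thread.

```python
import ipaddress

# Constructed model of the layout described in the thread. Zone name, key name
# and the 192.168.1.0/24 network are placeholders, not values from the posts.
ZONE, KEY = "internal.example", "ddns_key"
LOCALHOST = ["127.0.0.1/32", "::1/128"]
LOCALNETS = ["127.0.0.0/8", "192.168.1.0/24"]

def make_views(zone_in_localhost_view):
    """Views in named.conf order; each zone maps to its allow-update key set."""
    dynamic = {ZONE: {KEY}}
    return [
        {"name": "localhost_resolver", "match": LOCALHOST,
         "zones": dict(dynamic) if zone_in_localhost_view else {}},
        {"name": "internal", "match": LOCALNETS, "zones": dict(dynamic)},
    ]

def select_view(views, src):
    """Return the first view whose match-clients list contains src."""
    addr = ipaddress.ip_address(src)
    for view in views:
        nets = (ipaddress.ip_network(n) for n in view["match"])
        if any(addr.version == n.version and addr in n for n in nets):
            return view
    return None

def update_outcome(views, src, zone, key):
    """Resolve a signed dynamic update the way first-match views would."""
    view = select_view(views, src)
    if view is None:
        return (None, "no view matches client")
    if zone not in view["zones"]:
        return (view["name"], "zone not in this view")
    if key not in view["zones"][zone]:
        return (view["name"], "key not in allow-update")
    return (view["name"], "accepted")

def shadowed_zones(views, src):
    """Zones defined in some view but absent from the view src lands in."""
    chosen = select_view(views, src)
    reachable = set(chosen["zones"]) if chosen else set()
    defined = set().union(*(v["zones"] for v in views))
    return sorted(defined - reachable)

if __name__ == "__main__":
    for fixed in (False, True):
        views = make_views(fixed)
        print(fixed, update_outcome(views, "127.0.0.1", ZONE, KEY),
              shadowed_zones(views, "127.0.0.1"))
```

Running `shadowed_zones` for each address a DDNS client may use as its source gives a quick check for zones that are defined with an update key but sit behind an earlier matching view.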
