DDNS allow-update on forward and reverse maps?

DDNS allow-update on forward and reverse maps?

Post by Douglass, Gordo » Sun, 07 Jan 2001 05:06:47



After consulting the V3 DNS and Bind book. I noticed that
the allow-update section only specifies that the forward
map needs to have allow-update for updates.

I believe that the reverse zones (in.addr-arpa.) should also
have the allow-update set in the named.conf.

The reverse zone allow-update has been implemented without
any warnings/errors but does anyone know if it's a requirement
to have the allow-update in the reverse definition?

Since DDNS is relatively new does anyone have an pointers with
implementing DDNS with Win2k?

thanks,

;Gordon

 
 
 

DDNS allow-update on forward and reverse maps?

Post by Smith, William E » Sun, 07 Jan 2001 05:28:57


I personally configured the reverse zone to use allow-update and listed the
servers I wanted to allow updates from. I had to do this for W2K servers as
I continually saw unable to update reverse zone type errors.  After putting
in the allow update, they went away.  Whether they need to update the
reverse zone is another story though.  

Bill Smith

The Johns Hopkins University                    Washington DC: 240-228-5523
Applied Physics Laboratory                      MD: 443-778-5523
11100 Johns Hopkins Road                        Fax: 443-778-5727
Laurel, MD 20723-6099                           Web:
<http://www.jhuapl.edu/>

-----Original Message-----

Sent: Friday, January 05, 2001 2:18 PM

Subject: DDNS allow-update on forward and reverse maps?

After consulting the V3 DNS and Bind book. I noticed that
the allow-update section only specifies that the forward
map needs to have allow-update for updates.

I believe that the reverse zones (in.addr-arpa.) should also
have the allow-update set in the named.conf.

The reverse zone allow-update has been implemented without
any warnings/errors but does anyone know if it's a requirement
to have the allow-update in the reverse definition?

Since DDNS is relatively new does anyone have an pointers with
implementing DDNS with Win2k?

thanks,

;Gordon


 
 
 

DDNS allow-update on forward and reverse maps?

Post by Tim Maesta » Sun, 07 Jan 2001 06:48:25


        A zone is a zone is a zone.  If you want to allow
        your reverse zones to be updated, you need an
        allow-update statement on your reverse zone, same
        as your forwards.  The default without an allow-update
        statement is allow-update {none;}

-Tim


> After consulting the V3 DNS and Bind book. I noticed that
> the allow-update section only specifies that the forward
> map needs to have allow-update for updates.

> I believe that the reverse zones (in.addr-arpa.) should also
> have the allow-update set in the named.conf.

> The reverse zone allow-update has been implemented without
> any warnings/errors but does anyone know if it's a requirement
> to have the allow-update in the reverse definition?

> Since DDNS is relatively new does anyone have an pointers with
> implementing DDNS with Win2k?

> thanks,

> ;Gordon

 
 
 

DDNS allow-update on forward and reverse maps?

Post by Barry Margoli » Sun, 07 Jan 2001 06:59:50




>After consulting the V3 DNS and Bind book. I noticed that
>the allow-update section only specifies that the forward
>map needs to have allow-update for updates.

Where does it say that?  The examples only show updating the forward
domain, but that doesn't mean that other domains can't be updated.  The
last full sentence on page 231 says: "... DHCP servers that assign IP
addresses automatically to computers, and then need to register the
resulting name-to-address and address-to-name mappings."  Address-to-name
mappings are in reverse domains, so this implies that they need to update
these domains.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

DDNS allow-update on forward and reverse maps?

Post by Douglass, Gordo » Sun, 07 Jan 2001 10:24:57


Thanks Barry! That's what I was looking for, but somehow missed the blurb
on name-to-address and address-to-name mappings.
What had me confused was all of the illustrations only showed
named-to-address
modifications. Otherwise, when a allow-update isn't in (or any mapping)
the address-to-name mapping allow-update is defaulted to none.

Thanks for everyone's input!

;Gordon

-----Original Message-----

Sent: Friday, January 05, 2001 1:55 PM

Subject: Re: DDNS allow-update on forward and reverse maps?



>After consulting the V3 DNS and Bind book. I noticed that
>the allow-update section only specifies that the forward
>map needs to have allow-update for updates.

Where does it say that?  The examples only show updating the forward
domain, but that doesn't mean that other domains can't be updated.  The
last full sentence on page 231 says: "... DHCP servers that assign IP
addresses automatically to computers, and then need to register the
resulting name-to-address and address-to-name mappings."  Address-to-name
mappings are in reverse domains, so this implies that they need to update
these domains.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.

 
 
 

DDNS allow-update on forward and reverse maps?

Post by jmcca.. » Sun, 07 Jan 2001 10:31:51


I am having a similar dilema.  My /etc/named.conf (below) has both the
name-to-address and address-to-name zones with an allow-update clause.
However, the reverse lookup does not update.  In the /var/adm/messages,
it says "unapproved update from [192.168.0.1].1127 for
0.168.192.inaddr.arpa".  The named.conf follows.  Thanks for looking at
this...
-----------------------------------------------------
options {
        directory "/var/named";
        forward first;
        forwarders {
        xxx.xx.xx.x;    [note: masked out for posting]
        xxx.xxx.xxx.x;
        };

Quote:};

logging {
        category lame-servers { null; };
        category cname { null; };

Quote:};

zone "." in {
        type hint;
        file "root.hints";

Quote:};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "pz/127.0.0";

Quote:};

zone "cht.private" {
        notify no;
        type master;
        file "pz/cht.private";
        allow-update { 192.168.0.1; };

Quote:};

zone "0.168.192.in-addr.arpa" {
        notify no;
        type master;
        file "pz/192.168.0"
        allow-update { 192.168.0.1; }
Quote:};

-----------------------------------------------------------





> >After consulting the V3 DNS and Bind book. I noticed that
> >the allow-update section only specifies that the forward
> >map needs to have allow-update for updates.

> Where does it say that?  The examples only show updating the forward
> domain, but that doesn't mean that other domains can't be updated.
The
> last full sentence on page 231 says: "... DHCP servers that assign IP
> addresses automatically to computers, and then need to register the
> resulting name-to-address and address-to-name mappings."  Address-to-
name
> mappings are in reverse domains, so this implies that they need to
update
> these domains.

> --

> Genuity, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to
the group.

Sent via Deja.com
http://www.deja.com/
 
 
 

DDNS allow-update on forward and reverse maps?

Post by Kevin Darc » Sun, 07 Jan 2001 10:59:11


I assume you mistyped when you said "inaddr.arpa", since it should be
in-addr.arpa.

My guess is that the 0.168.192.in-addr.arpa zonefile has some sort of
syntax error in it. Because of the error, it doesn't load properly and the
master won't consider itself authoritative for the zone or accept updates
for it. Look in the logs for load errors. Failing that, just post the
zonefile.

- Kevin


> I am having a similar dilema.  My /etc/named.conf (below) has both the
> name-to-address and address-to-name zones with an allow-update clause.
> However, the reverse lookup does not update.  In the /var/adm/messages,
> it says "unapproved update from [192.168.0.1].1127 for
> 0.168.192.inaddr.arpa".  The named.conf follows.  Thanks for looking at
> this...
> -----------------------------------------------------
> options {
>         directory "/var/named";
>         forward first;
>         forwarders {
>         xxx.xx.xx.x;    [note: masked out for posting]
>         xxx.xxx.xxx.x;
>         };
> };

> logging {
>         category lame-servers { null; };
>         category cname { null; };
> };

> zone "." in {
>         type hint;
>         file "root.hints";
> };

> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "pz/127.0.0";
> };

> zone "cht.private" {
>         notify no;
>         type master;
>         file "pz/cht.private";
>         allow-update { 192.168.0.1; };
> };

> zone "0.168.192.in-addr.arpa" {
>         notify no;
>         type master;
>         file "pz/192.168.0"
>         allow-update { 192.168.0.1; }
> };
> -----------------------------------------------------------





> > >After consulting the V3 DNS and Bind book. I noticed that
> > >the allow-update section only specifies that the forward
> > >map needs to have allow-update for updates.

> > Where does it say that?  The examples only show updating the forward
> > domain, but that doesn't mean that other domains can't be updated.
> The
> > last full sentence on page 231 says: "... DHCP servers that assign IP
> > addresses automatically to computers, and then need to register the
> > resulting name-to-address and address-to-name mappings."  Address-to-
> name
> > mappings are in reverse domains, so this implies that they need to
> update
> > these domains.

> > --

> > Genuity, Burlington, MA
> > *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
> newsgroups.
> > Please DON'T copy followups to me -- I'll assume it wasn't posted to
> the group.

> Sent via Deja.com
> http://www.deja.com/

 
 
 

DDNS allow-update on forward and reverse maps?

Post by Barry Finke » Wed, 10 Jan 2001 00:15:34



>Since DDNS is relatively new does anyone have an pointers with
>implementing DDNS with Win2k?

In the archves for bind-users, found at isc.org, you will find at least
29000 lines of Win2k-related postings since August, 1999.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689

Argonne, IL   60439-4844             IBMMAIL:  I1004994