
ddns and bind 9.x compared to bind 8.x

i'm running a pretty simple setup on a dhcp enabled machine i have on a 
cable modem network which sends named updates to a primary nameserver.

the update is sent as:

update delete chicago.ddns.lunarmedia.net in a
update add chicago.ddns.lunarmedia.net 12000 in a

on the primary nameserver, i have my named.conf configured to include:

zone "ddns.lunarmedia.net" in {
        type master;
        file "ddns/db.ddns.lunarmedia.net";
        allow-update { 10.12.71/24; };
        allow-query { any; };
};

Under bind 8.2.3, the updates would arrive and the A record would be 
available for public consumption, however, when I recently moved to bind 
9.1.3, i'm seeing a couple entries in my named logfile that show it's not 

security: warning: zone 'ddns.lunarmedia.net' allows updates by IP 
address, which is insecure

that i can expect, however then i receive

security: error: client update denied

and i am not certain what exactly is causing this to fail. does bind 9 not 
allow per netblock allow-update? man named.conf certainly seems to 
indicate that it does.
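
Added example, not part of the original post: when an IP-based allow-update refuses a client, one thing to rule out is whether the source address the server sees actually falls inside the listed netblock. This sketch evaluates an address match list with first-match-wins and `!` negation, and expands the abbreviated `10.12.71/24` form; it assumes only IPv4 addresses, prefixes, `any` and `none` (keys and named ACLs raise ValueError), and the source addresses are constructed.

```python
import ipaddress

def parse_prefix(text):
    """Expand a BIND-style IPv4 element such as '10.12.71/24' to a network."""
    addr, _, length = text.partition("/")
    octets = addr.split(".")
    if len(octets) > 4 or (not length and len(octets) != 4):
        raise ValueError(f"unsupported element: {text!r}")
    octets += ["0"] * (4 - len(octets))      # 10.12.71 -> 10.12.71.0
    return ipaddress.ip_network(".".join(octets) + "/" + (length or "32"))

def parse_acl(clause):
    """Return (negated, element) pairs from an address match list body."""
    pairs = []
    for item in clause.replace("{", " ").replace("}", " ").split(";"):
        item = item.strip()
        if item:
            pairs.append((item.startswith("!"), item.lstrip("!").strip()))
    return pairs

def update_allowed(clause, source):
    """First matching element decides; no match at all means refused."""
    ip = ipaddress.ip_address(source)
    for negated, element in parse_acl(clause):
        if element == "none":
            continue
        if element == "any" or ip in parse_prefix(element):
            return not negated
    return False

if __name__ == "__main__":
    acl = "{ 10.12.71/24; }"                 # allow-update from the post
    # Constructed source addresses, not taken from the post.
    for src in ("10.12.71.25", "10.12.72.25", "192.0.2.10"):
        verdict = "allowed" if update_allowed(acl, src) else "denied"
        print(f"{src:<12} {verdict}")
```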
