Ok, that gets more info.
-------------------------------------------------

[root@server1 ~]# nsupdate -k /etc/rndc.key
could not read key from /etc/rndc.key: unexpected token
> [root@server1 ~]# man nsupdate
[root@server1 ~]# nsupdate -y domain1_key:<theSecretPhraseFrom_rndc.key>
> server 127.0.0.1
> domain domain1.com
incorrect section name: domain
> update add client1.domain1.com 864000 A 192.168.1.104
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
client1.domain1.com.    864000    IN    A    192.168.1.104

> send
could not find enclosing zone
[root@server1 ~]# host client1
Host client1 not found: 3(NXDOMAIN)
[root@server1 ~]# host client1.domain1.com
Host client1.domain1.com not found: 3(NXDOMAIN)
-------------------------------------------------------------------------------------------------------

So questions arising from that are;

nsupdate -k /etc/rndc.key - The man page says that that format requires a filename in the format 'K{name}.+157.+{random}.private'. That's a new one on me. Where, why & how is that needed?

Just that error alone leads me to think the "not authorized" part of the 'forward map' error I was getting has to do with not being able to find the key. But then, after issuing the send command, I get the error;

"could not find enclosing zone". I can imagine if the key were not being found, the zone would not be found but don't know how/where that might be coming from?

I'm going to assume the;

> domain domain1.com
incorrect section name: domain

is just a spurious section because the "domain <domainName>" command doesn't exist.



------------------------------------------------------------------------
Kind Regards

Kyle


On 15/02/11 1:55 PM, Peter Chubb wrote:
Hi Kyle,
    I suggest looking in /var/log/messages  (I believe the default
    configuration for CENTOS logs everything into there )

You should see lines like:
  Feb 15 06:25:34 vampire dhcpd: DHCPREQUEST for A.B.C.D from
  some:mac:address:here  via eth0
then you might see something like
  Feb 15 06:25:35 vampire named[3921]: client 127.0.0.1#53: update
  'keg.ertos.in.nicta.com.au/IN' denied

or,

Feb 14 17:35:04 vampire named[4854]: client 127.0.0.1#42217: updating zone 
'keg.ertos.in.nicta.com.au/IN': update unsuccessful: 
bigmac.keg.ertos.in.nicta.com.au: 'name not in use' prerequisite not satisfied 
(YXDOMAIN)


You may also want to check that you can update named manually, using
nsupdate.

As root, on the machine running dhcpd, do

nsupdate -k keyfile
server whateveryournameserveris
domain domain.com
update add fred.domain.com 864000 A 192.168.1.100
show
send

or similar.  Then try host fred.domain.com to see if you can see the
record you just added.

Peter C
--
Dr Peter Chubb                                  peter DOT chubb AT nicta.com.au
http://www.ertos.nicta.com.au               ERTOS within National ICT Australia
All things shall perish from under the sky/Music alone shall live, never to die

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
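
Added example, not part of the original thread: a small Python filter for the two kinds of named dynamic-update messages that the quoted reply says to look for in /var/log/messages, separating refused updates from updates that failed a prerequisite. The sample lines are constructed on the pattern of the lines quoted in the thread (host, PID, addresses and zone are made up), and the regexes assume each message sits on one line.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the messages quoted in the thread.
SAMPLE_LOG = """\
Feb 15 06:25:34 server1 dhcpd: DHCPREQUEST for 192.168.1.104 from 00:11:22:33:44:55 via eth0
Feb 15 06:25:35 server1 named[3921]: client 127.0.0.1#53: update 'domain1.com/IN' denied
Feb 15 06:25:40 server1 named[3921]: client 127.0.0.1#42217: updating zone 'domain1.com/IN': update unsuccessful: client1.domain1.com: 'name not in use' prerequisite not satisfied (YXDOMAIN)
Feb 15 06:26:02 server1 named[3921]: client 192.168.1.77#40112: update 'domain1.com/IN' denied
"""

# "named[pid]: client <addr>#<port>: <message>"
NAMED = re.compile(r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: (?P<msg>.*)$")
# named refused the update outright
DENIED = re.compile(r"^update '(?P<zone>[^']+)' denied$")
# named accepted the request but the update did not go through
FAILED = re.compile(r"^updating zone '(?P<zone>[^']+)': update unsuccessful: "
                    r"(?P<name>\S+): (?P<reason>.*?) \((?P<rcode>[A-Z]+)\)$")


def classify(line):
    """Return a dict for a named dynamic-update event, or None for other lines."""
    m = NAMED.search(line)
    if not m:
        return None
    msg = m["msg"].strip()
    d = DENIED.match(msg)
    if d:
        return {"kind": "denied", "client": m["ip"], "zone": d["zone"]}
    f = FAILED.match(msg)
    if f:
        return {"kind": "unsuccessful", "client": m["ip"], "zone": f["zone"],
                "name": f["name"], "reason": f["reason"], "rcode": f["rcode"]}
    return None


def summarize(text):
    """Return (all update events, count of refusals per (client, zone))."""
    events = [e for e in map(classify, text.splitlines()) if e]
    denied = Counter((e["client"], e["zone"]) for e in events if e["kind"] == "denied")
    return events, denied


if __name__ == "__main__":
    events, denied = summarize(SAMPLE_LOG)
    for e in events:
        print(e)
    for (client, zone), n in denied.items():
        print(f"{n} refused update(s) from {client} for {zone}")
```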
