named / bind update adjacent zone
Working scenario:
The machine, located in the 192.168.100.0/24 net, asks the DHCP server for an IP -> the DHCP server answers with 192.168.100.2 -> the DNS server gets the request from the DHCP server to update one onehundred.testlab.net.zone / 100.168.192.in-addr.arpa.zone
The machine is moved to the 192.168.200.0/24 net -> DHCP answers with 192.168.200.2 -> the DNS server gets the request to update one twohundred.testlab.net.zone / 200.168.192.in-addr.arpa.zone
What we need is that even if the machine is moved to the 192.168.200.0/24 network, the onehundred.testlab.net.zone is still the one that should be updated.
Some of our machines are registered in the onehundred.testlab.net domain, so the DHCP server will realize that and will request an update of onehundred.testlab.net.zone every time, even if the machine is actually using the 192.168.200.0/24 network and gets a 192.168.200.x IP from DHCP.
Even if this looks strange, this is what we want. The issue occurs when the DNS denies updating onehundred.testlab.net.zone if the machine is using a 192.168.200.x IP.
Example:
named working: client 192.168.100.101#58211: client 127.0.0.1#12637/key dhcp_key: updating zone 'onehundred.testlab.net/IN': adding an RR at 'vm1.onehundred.testlab.net' A
named error: client 192.168.200.101#58211: update 'onehundred.testlab.net/IN' denied
Is there a way to configure DNS to accept those adjacent zone updates?
The content of named.conf:
    # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
    # All rights reserved.
    #
    # Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
    #
    # /etc/named.conf
    #
    # This is a sample configuration file for the name server BIND 9. It works as
    # a caching only name server without modification.
    #
    # A sample configuration for setting up your own domain can be found in
    # /usr/share/doc/packages/bind/sample-config.
    #
    # A description of all available options can be found in
    # /usr/share/doc/packages/bind/misc/options.
    #
    # For any information/description about DNS:
    # http://www.zytrax.com/books/dns/
    ##
    # Include can appear anywhere in a named.conf file either inside
    # or outside a clause. Allows inclusion of external files into named.conf
    # for administrative convenience or security reasons.
    # Include the meta include file generated by createNamedConfInclude. This
    # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
    # See also /etc/sysconfig/named
    include "/etc/named.conf.include";

    # Configures the location, level and type of logging that BIND performs.
    # Unless you are using syslog you need a logging statement for BIND.
    logging {
        channel log_file {
            file "/var/log/named.log" versions 5 size 5m;
            severity info;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
        channel debug_log {
            file "debug.log";
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel query_log {
            file "query.log";
            severity dynamic;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        # 'default' logs all values which are not explicitly defined in category statements
        # i.e. if this is the only category defined it will log all categories listed
        # in this table with the exception of queries which are not turned on by default.
        # Logs all query transactions.
        # Logging of all dynamic update (DDNS) transactions.
        # Details of zone transfers the server is receiving.
        # Details of zone transfers the server is sending.
        category xfer-out {
            log_file;
            default_syslog;
        };
        category xfer-in {
            log_file;
            default_syslog;
        };
        category update {
            log_file;
            default_syslog;
        };
        category queries {
            log_file;
        };
        category default {
            log_file;
            debug_log;
            query_log;
            default_syslog;
            default_debug;
            default_stderr;
        };
    };

    # Groups statements that control generic or global behavior and that have scope
    # for all zones and views unless overridden within a zone, views or other clause.
    options {
        #switch on logging as configured
        querylog yes;
        # The directory statement defines the name server's working directory
        directory "/var/lib/named";
        managed-keys-directory "/var/lib/named/dyn/";
        # Write dump and statistics file to the log subdirectory.
        # The pathnames are relative to the chroot jail.
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";
        zone-statistics yes;
        # The listen-on record contains a list of local network interfaces to listen on.
        # Optionally the port can be specified. Default is to listen on all interfaces
        # found on your system. The default port is 53.
        #listen-on port 53 { 127.0.0.1; };
        # The listen-on-v6 record enables or disables listening on IPv6 interfaces.
        # Allowed values are 'any' and 'none' or a list of addresses.
        listen-on-v6 { any; };
        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed. Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.
        notify no;
        # If set to 'only' the server will only forward queries, if set to 'first' (default)
        # it will send the queries to the forwarder and if not answered will attempt to answer the query.
        #forward first;
        # forwarders defines a list of IP address(es) (and optional port numbers)
        # to which queries will be forwarded.
        include "/etc/named.d/forwarders.conf";
        empty-zones-enable no;
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        #allow dns requested forwarded by foreman, (provision server)
        #allow-recursion { 192.168.100.32; };
        allow-query { 192.168.0.0/16; 127.0.0.1/8; };
    };

    # The following zone definitions don't need any modification. The first one
    # is the definition of the root name servers. The second one defines
    # localhost while the third defines the reverse lookup for localhost.
    zone "." in {
        file "root.hint";
        type hint;
    };
    zone "localhost" in {
        file "localhost.zone";
        type master;
    };
    zone "0.0.127.in-addr.arpa" in {
        file "127.0.0.zone";
        type master;
    };

    # You can insert further zone records for your own domains below or create
    # single files in /etc/named.d/ and add the file names to NAMED_CONF_INCLUDE_FILES.
    # See /usr/share/doc/packages/bind/README.SUSE for more details.
    zone "100.168.192.in-addr.arpa" in {
        file "dyn/100.168.192.in-addr.arpa.zone";
        type master;
        allow-update { key DHCP_KEY; localhost; };
        notify yes;
    };
    zone "onehundred.testlab.net" in {
        file "dyn/onehundred.testlab.net.zone";
        type master;
        allow-update {
            key DHCP_KEY;
            localhost;
        };
        notify yes;
        check-names warn;
    };
    zone "200.168.192.in-addr.arpa" in {
        file "dyn/200.168.192.in-addr.arpa.zone";
        type master;
        allow-update { key DHCP_KEY; localhost; };
        notify yes;
    };
    zone "twohundred.testlab.net" in {
        file "dyn/twohundred.testlab.net.zone";
        type master;
        allow-update {
            key DHCP_KEY;
            localhost;
        };
        notify yes;
        check-names warn;
    };
dns bind named zone
edited Nov 10 at 20:32
asked Nov 9 at 15:03
user3581412
Have a look at bind's "update-policy" statement, subdomain or zonesub ruletype may help. The logfile should give you more explanations on the denied reason.
– Patrick Mevzek
Nov 9 at 19:07
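The log check suggested in the comment, as an added example (not code from the post or from BIND): it parses the two log lines quoted in the question and tests each requester against the posted `allow-update { key DHCP_KEY; localhost; }` ACL. Assumptions: `localhost` is modelled as loopback addresses only, and when a pasted line carries two `client` fields the last one is taken as the requester.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The two log lines quoted in the question.
PAGE_LOG = [
    "client 192.168.100.101#58211: client 127.0.0.1#12637/key dhcp_key: "
    "updating zone 'onehundred.testlab.net/IN': adding an RR at "
    "'vm1.onehundred.testlab.net' A",
    "client 192.168.200.101#58211: update 'onehundred.testlab.net/IN' denied",
]

# Model of the posted ACL: allow-update { key DHCP_KEY; localhost; };
ALLOWED_KEYS = {"dhcp_key"}  # compared case-insensitively, as in the log
# Assumption: "localhost" reduced to loopback; add the server's own
# interface addresses here to model a real host.
SERVER_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1")}

# "client <addr>#<port>" with an optional "/key <name>" for signed requests.
CLIENT_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+(?:/key (?P<key>[^\s:]+))?")
UPDATE_RE = re.compile(
    r"(?:updating zone|update) '(?P<zone>[^'/]+)/\w+'(?P<rest>.*)")


@dataclass
class UpdateEvent:
    src: str                  # requester address
    key: Optional[str]        # TSIG key name, None if the request was unsigned
    zone: str
    denied: bool
    acl_match: Optional[str]  # ACL element that matched, None if none did


def match_acl(src: str, key: Optional[str]) -> Optional[str]:
    """Return the first element of the modelled ACL that matches, if any."""
    if key is not None and key.lower() in ALLOWED_KEYS:
        return "key " + key
    try:
        if ipaddress.ip_address(src) in SERVER_ADDRS:
            return "localhost"
    except ValueError:
        pass  # not a parseable address: cannot match an address element
    return None


def parse_line(line: str) -> Optional[UpdateEvent]:
    """Parse one update log line; None if it is not an update message."""
    clients = list(CLIENT_RE.finditer(line))
    update = UPDATE_RE.search(line)
    if not clients or update is None:
        return None
    requester = clients[-1]  # assumption: last client field is the requester
    src, key = requester.group("ip"), requester.group("key")
    denied = update.group("rest").strip().startswith("denied")
    return UpdateEvent(src, key, update.group("zone"), denied,
                       match_acl(src, key))


def explain(ev: UpdateEvent) -> str:
    signer = "key " + ev.key if ev.key else "unsigned"
    who = f"{ev.src} ({signer}) -> {ev.zone}"
    if ev.denied and ev.acl_match is None:
        return who + ": denied, matches neither 'key DHCP_KEY' nor 'localhost'"
    if ev.denied:
        return who + f": denied although '{ev.acl_match}' matches; look for another restriction"
    if ev.acl_match is None:
        return who + ": accepted without a match; the ACL model is incomplete"
    return who + f": accepted via '{ev.acl_match}'"


def triage(lines: List[str]) -> List[Tuple[UpdateEvent, str]]:
    events = (parse_line(line) for line in lines)
    return [(ev, explain(ev)) for ev in events if ev is not None]


if __name__ == "__main__":
    for _, text in triage(PAGE_LOG):
        print(text)
```

On the page's two lines this reports the accepted update as signed with `dhcp_key` from 127.0.0.1 and the denied one as an unsigned request from 192.168.200.101, which matches neither element of the posted ACL.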