nsupdate failing on localhost - Bind 8

Question

I have added a zone test.net via rndc locally and it is working fine. Next, I want to update it via nsupdate but locally, my zone configurations are,

zone test.net {type master; file "zones-remote/masters/test.net" ; allow-update{localhost;};};

When I do this,

nsupdate
server localhost
zone sample.test.net
update add sample.test.net 86400 A 134.23.32.4
send

It gives the error "update failed: NOTAUTH"

Checking it via show, prior to send gives,

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;test.net.                      IN      SOA

;; UPDATE SECTION:
sample.test.net.        86400   IN      A       134.23.32.4

When I try,

nsupdate
server localhost
zone test.net #     Actual zone name
update add sample.test.net 86400 A 134.23.32.4
send

then the error "SERVFAIL" appears.

My zone file looks like this,

@     86400      IN  SOA  test.net. sampling.gmail.com. (
                    2014101001
  3h
  1h
  1w
  30m86400s)

@ 84600 NS ns1.test.net.
@ 84600 IN  A 42.42.42.42
ns1 84600 IN A 42.42.42.42

This zone file is correct and it resolves the query against its domain.

Modifying your original message without a warning is not really good, especially when the error message changes that much... Depending of your OS, retard your named server (or rndc reload) and take a look at its log file (/var/log/named.log or /var/log/daemon.log for example) and add the logs to your question. Also add the content of your zone. It seems that you have misconfigured your zone and it is not seen as an authoritative zone (thus the NOTAUTH) error. — NaeiKinDus, Oct 14 '14 at 08:22
Np. Got any logs to show ? The NOTAUTH was normal (non existent zone). Without the logs, I'm afraid I have no idea about the servfail :-/ — NaeiKinDus, Oct 14 '14 at 09:30
BIND 8 is unsupported. Is there a good reason why you are not using BIND 9? — Andrew B, Oct 14 '14 at 15:28

Andrew B · Answer 1 · 2014-10-14T15:30:53.927

When you specify zone, you are defining the "origin" for all transactions that follow. The record names that you specify are assumed to be relative to this origin unless a trailing dot is present.

With zone sample.test.net, the record should be @ or sample.test.net..
With zone test.net, the record should be sample or sample.test.net..

The SERVFAIL happens because your requested record mapped out to sample.test.net.test.net., which falls outside of your defined sample.test.net. zone.

I'm less certain of why you're getting NOTAUTH for the first request (sample.test.net.sample.test.net. falls within sample.test.net.), but I can't spend a whole lot of time speculating what is going on there when you're running an unsupported version of BIND. Ensure that both your nsupdate client and the server are running supported versions, and update your question if the problem persists.

After giving the update command in this style it is giving the NOTZONE error, while my zone is added in bind and the dig resolves the domain. I have tried this on bind 9.7 as well, but to no effect. — Anss, Oct 15 '14 at 05:50

nsupdate failing on localhost - Bind 8

1 Answers1