
This is my named.conf.local

```
zone "domain.ext" {
     type master;
     file "/etc/bind/zones/domain.ext.db";
     allow-update {localhost;};
};
```

And the domain.ext.db file:

```
;
; BIND data file for domain.ext
;
$TTL    3h
@       IN      SOA     ns1.dmian.ext. email.domain.ext. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 day
;
@       IN      NS      ns1.domain.ext.
@       IN      NS      ns2.domain.ext.


domain.ext.    IN      MX      10      mail.domain.ext.
domain.ext.    IN      A       10.10.10.1
ns1                     IN      A       10.10.10.1
ns2                     IN      A       10.10.10.1
www                     IN      CNAME   domain.ext.
mail                    IN      A       10.10.10.1
ftp                     IN      CNAME   domain.ext.
api.domain.ext. IN       A       10.10.10.1
```

The nsupdate command fails:

```
nsupdate
> update add ss.domain.ext 1 A 10.10.10.2
> send
> update add ss.domain.ext. 1 A 10.10.10.2
> send
```

In both scenarios the following error appears:

```
update failed: NOTAUTH
```

I don't want to use keys. I just need to update from local.

kenlukas
user3690884

1 Answer


BIND can't access /etc/bind/zones even though it has enough permissions, so I changed the zone files' location to /var/lib/bind, and now nsupdate can update zones well.

user3690884
  • Presumably blocked by SELinux or similar. Anyway, `/var/lib/bind` is the more conventional location for writable application data (reflected in the typical default policies). – Håkan Lindqvist Aug 29 '19 at 04:56
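
A quick way to spot the misplacement the answer and comment describe, as an added example that is not part of the original posts: this shell function lists zones in a named.conf-style file that accept dynamic updates while their zone file sits outside `/var/lib/bind`. The function names, the one-statement-per-line parsing, absolute file paths, and the sample zones `dyn.example` and `static.example` are assumptions made for the illustration.

```shell
# Added example (not from the original post). Lists zones that accept dynamic
# updates but whose zone file is outside the directory named may write to.
# Assumes one statement per line, absolute paths, /var/lib/bind as writable dir.

dynamic_zones_outside_dir() {
    conf=$1
    writable=${2:-/var/lib/bind}
    awk -v dir="$writable" '
        /^[ \t]*zone[ \t]+"/ {            # start of a zone stanza
            split($0, q, "\""); zone = q[2]; file = ""; dynamic = 0
        }
        /^[ \t]*file[ \t]+"/ {            # zone file path
            split($0, q, "\""); file = q[2]
        }
        # allow-update / update-policy make the zone dynamic unless set to none
        /^[ \t]*(allow-update|update-policy)[ \t{]/ && $0 !~ /[{][ \t]*none[ \t]*;/ {
            dynamic = 1
        }
        /^[ \t]*[}];/ {                   # end of stanza: report and reset
            if (zone != "" && dynamic && index(file, dir "/") != 1)
                print zone " " file
            zone = ""
        }
    ' "$conf"
}

# Constructed sample input: the stanza from the question plus two made-up zones.
sample_conf() {
    cat <<'EOF'
zone "domain.ext" {
     type master;
     file "/etc/bind/zones/domain.ext.db";
     allow-update {localhost;};
};
zone "dyn.example" {
     type master;
     file "/var/lib/bind/dyn.example.db";
     allow-update {localhost;};
};
zone "static.example" {
     type master;
     file "/etc/bind/zones/static.example.db";
};
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
dynamic_zones_outside_dir "$tmp"    # prints: domain.ext /etc/bind/zones/domain.ext.db
rm -f "$tmp"
```

Pass a different directory as the second argument if the local policy (AppArmor, SELinux or plain file permissions) grants named write access somewhere else.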