Re: [PLUG] bind9 not allowing WinXp clients to update DDNS

Stephen Gran on 21 Feb 2005 22:15:53 -0000


On Mon, Feb 21, 2005 at 04:19:23PM -0500, Mike Leone said:
> Stephen Gran wrote:
> 
> Ready for this? :-)
> 
> Feb 21 16:14:05 mail named[1557]: client 192.168.100.73#2099: updating
> zone 'mike-leone.com/IN': update failed: 'RRset exists (value
> dependent)' prerequisite not satisfied (NXRRSET)
> Feb 21 16:14:05 mail named[1557]: client 192.168.100.73#2102: updating
> zone 'mike-leone.com/IN': adding an RR
> Feb 21 16:14:05 mail named[1557]: journal file
> /etc/bind/mike-leone.com.hosts.jnl does not exist, creating it
> Feb 21 16:14:05 mail named[1557]: client 192.168.100.73#2105: updating
> zone '100.168.192.in-addr.arpa/IN': deleting an rrset
> Feb 21 16:14:05 mail named[1557]: client 192.168.100.73#2105: updating
> zone '100.168.192.in-addr.arpa/IN': adding an RR
> Feb 21 16:14:05 mail named[1557]: journal file
> /etc/bind/192.168.100.ptrs.jnl does not exist, creating it
> Feb 21 16:14:06 mail named[1557]: client 192.168.100.73#2112: updating
> zone '100.168.192.in-addr.arpa/IN': deleting an rrset
> Feb 21 16:14:06 mail named[1557]: client 192.168.100.73#2112: updating
> zone '100.168.192.in-addr.arpa/IN': adding an RR
> 
> 
> Note the location of the journal file. Also, I changed the named.conf:
> 
> ----------------------------------------------
> acl "home" { 192.168.100.0/24; 127.0.0.1;};
> 
> zone "mike-leone.com" {
> type master;
> file "/etc/bind/mike-leone.com.hosts";

That's why they're writing to /etc/bind - it's because that's where your
zone files are. I guessed that finally in a previous email, but it's
nice to know.

> allow-update {home; };
> };
> 
> zone "100.168.192.in-addr.arpa" {
> type master;
> file "/etc/bind/192.168.100.ptrs";
> allow-update {home; };
> };
> ----------------------------------------------
> 
> I also changed the /etc/bind directory to be chmod a+w.

Probably only needs to be writable for the user bind and rndc are
running as, but as you say, it's a low threat system.

> Yeah, I know, I know - it's supposed to be insecure, allowing updates by
> IP rather than by key. But it's a local DNS server, so I may just live
> with it.

Probably fine, until the WinXP box gets taken over by a rogue 14 year old
that wants to make all your queries return 'UR.p0wn3d.mike-leone.com' :)

Glad it's working,
-- 
 --------------------------------------------------------------------------
| Stephen Gran | A citizen of America will cross the |
| steve@lobefin.net | ocean to fight for democracy, but won't |
| http://www.lobefin.net/~steve | cross the street to vote in a national |
| 			 | election. -- Bill Vaughan |
 --------------------------------------------------------------------------


___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
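
Added example, not part of the original message or of BIND: a small Python audit that reads a named.conf and reports every zone whose allow-update admits clients by source address instead of by key, which is the trade-off discussed in the thread. The sample configuration is constructed from the quoted named.conf; the function names are hypothetical, and the parser assumes at most one level of named ACL and no nested braces inside ACLs.

```python
import re

# Constructed sample: the ACL and the two zones from the quoted named.conf.
SAMPLE_CONF = '''
acl "home" { 192.168.100.0/24; 127.0.0.1;};
zone "mike-leone.com" {
type master;
file "/etc/bind/mike-leone.com.hosts";
allow-update {home; };
};
zone "100.168.192.in-addr.arpa" {
type master;
file "/etc/bind/192.168.100.ptrs";
allow-update {home; };
};
'''

def _elements(body):
    """Split an address-match list body into its ';'-separated elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def audit_allow_update(conf):
    """Return {zone: [address-based elements]} for zones whose allow-update
    admits clients by source address rather than by 'key <name>'."""
    conf = re.sub(r"(#|//)[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # drop comments
    acls = {m.group(1): _elements(m.group(2))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    findings = {}
    zone_re = r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for z in re.finditer(zone_re, conf):
        upd = re.search(r'allow-update\s*\{([^{}]*)\}', z.group(2))
        if not upd:
            continue  # no dynamic updates configured for this zone
        by_addr = []
        for el in _elements(upd.group(1)):
            if el.startswith("key "):
                continue  # key-authenticated entry, not address-based
            expanded = acls.get(el, [el])  # expand one level of named ACL
            by_addr += [e for e in expanded
                        if not e.startswith("key ") and e != "none"]
        if by_addr:
            findings[z.group(1)] = by_addr
    return findings

if __name__ == "__main__":
    for zone, who in audit_allow_update(SAMPLE_CONF).items():
        print(f"{zone}: updates accepted by address from {', '.join(who)}")
```
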


