Topic: RFC 2136 updating does not work properly [dnsupdate]
« on: October 11, 2013, 18:31:14 »
denniskarlsson *
Posts: 9

m0n0wall v.1.34 tries to update the name server via IPv6 if the DNS server announces an AAAA record, even if m0n0wall does not have IPv6 configured. Is this correct?

Got around this problem by using a subzone that doesn't announce an AAAA record. But I think this should be fixed. m0n0wall should update via IPv4 when IPv6 is not configured.

(Updating from m0n0wall v.1.235 does not work because nsupdate tries to update the zone dennis.se instead of dyn.dennis.se. This may be fixed, but I can't get a newer version to work.)


Secondly...

I can't get m0n0wall to update my named (BIND) server. Not from the GUI and not manually by using http://m0n0wall/exec.php.

I get this output (on exec.php) but no traffic goes to the name server (tcpdump -vvv -i eth0 port 53).

Code:
$ echo -e "update delete computer.dyn.dennis.se A\nupdate add computer.dyn.dennis.se 60 A x.x.x.x\nshow\nsend" | nsupdate -y keyname:key
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
computer.dyn.dennis.se. 0 ANY A
computer.dyn.dennis.se. 60 IN A x.x.x.x

This command works just fine from a Linux machine.
Code:
echo -e "update delete computer.dyn.dennis.se A\nupdate add computer.dyn.dennis.se 60 A 1.2.3.4\nsend" | nsupdate -y keyname:key

Log from named.
Code:
update: info: client x.x.x.x#52088: view external: updating zone 'dyn.dennis.se/IN': deleting rrset at 'computer.dyn.dennis.se' A
update: info: client x.x.x.x#52088: view external: updating zone 'dyn.dennis.se/IN': adding an RR at 'computer.dyn.dennis.se' A

named.conf:
Code:
zone "dyn.dennis.se" in {
    type master;
    file "/var/named/zones/dyn.dennis.se";
    allow-transfer { slaves; };
    allow-query { any; };
    update-policy {
        grant *.dyn.dennis.se self dyn.dennis.se. A AAAA;
    };
};

Zone file:
Code:
$ORIGIN dyn.dennis.se.
$TTL 10800
@ IN SOA ns1.dyn.dennis.se. hostmaster.dennis.se. (
        2013101007 ; serial
        14400      ; refresh (4 hours)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        600        ; minimum (10 minutes)
        )
    NS ns1.dyn.dennis.se.
    NS ns2.dyn.dennis.se.

ns1 A 85.227.54.133
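
The batch builder below is an added example, not part of the original post: it pins the two things the post reports nsupdate choosing badly, the server address family and the zone, by emitting explicit `server` and `zone` statements. The server address 192.0.2.53 and the key file path are constructed placeholders, and `is_ipv4` and `build_update_batch` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread). 192.0.2.53 and /conf/ddns.key are
# constructed placeholders; the host and zone names come from the post above.

# Succeeds only for a dotted-quad IPv4 literal with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Args: zone server_ipv4 host ttl address. Prints the batch on stdout;
# returns 1 and prints nothing if any field fails validation.
build_update_batch() {
    zone=${1%.}; server=$2; host=${3%.}; ttl=$4; addr=$5
    # An IPv4 literal means nsupdate never resolves the server name to AAAA.
    is_ipv4 "$server" || return 1
    is_ipv4 "$addr" || return 1
    case $ttl in ''|*[!0-9]*) return 1 ;; esac
    # Reject anything that could smuggle extra batch lines or odd labels.
    case $zone in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    # The host must sit below the zone named in the `zone` statement.
    case $host in *".$zone") ;; *) return 1 ;; esac
    printf 'server %s\n' "$server"
    printf 'zone %s.\n' "$zone"
    printf 'update delete %s. A\n' "$host"
    printf 'update add %s. %s A %s\n' "$host" "$ttl" "$addr"
    printf 'show\nsend\n'
}

# Pipe the result into nsupdate with a key file (-k) rather than
# -y keyname:key, which puts the TSIG secret in the process argument list:
#   build_update_batch ... | nsupdate -k /conf/ddns.key
build_update_batch dyn.dennis.se 192.0.2.53 computer.dyn.dennis.se 60 1.2.3.4
```

With an explicit `zone` line nsupdate does not have to work out which zone to update, so it cannot pick dennis.se instead of dyn.dennis.se.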

« Reply #1 on: April 20, 2014, 01:46:40 »
denniskarlsson *
Posts: 9

This is still a problem, now on version 1.8.1.

I get no updates from m0n0wall.


This works from /exec.php though:
Code:
echo -e "update delete computer.dyn.dennis.se A\nupdate add computer.dyn.dennis.se 60 A 1.2.3.4\nshow\nsend" | nsupdate -y keyname:key

Quote
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
computer.dyn.dennis.se.   0   ANY   A   
computer.dyn.dennis.se.   60   IN   A   1.2.3.4

Why isn't m0n0wall able to update via the settings in the GUI?
« Last Edit: April 20, 2014, 01:48:59 by denniskarlsson »
« Reply #2 on: April 22, 2014, 10:59:05 »
brushedmoss ****
Posts: 446

Hi,

nsupdate was 'broken' in 1.8.x. The code that manipulated nsupdate was replaced with alternative code to manipulate a way smaller binary to achieve the same thing. However, the alt. binary was never included.

This change has been reverted in r571, so it should be working again as before. You will have to use a snapshot of r571 or greater.

http://m0n0.ch/wall/snapshots/1.8.2/

« Reply #3 on: April 22, 2014, 14:06:21 »
denniskarlsson *
Posts: 9

Thank you. That explains it. =)

I tried the 572 build but I had to go back to version 1.8.1, because of a kernel crash.

It crashed on an Intel Desktop Board D2500CC.
http://www.intel.com/content/www/us/en/motherboards/desktop-motherboards/desktop-board-d2500cc.html

Someone else got it working on that board?
 