bin/49822: "nsupdate" doesn't determine master server from SOA record

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/49822: "nsupdate" doesn't determine master server from SOA record
From: tron%zhadum.org.uk@localhost
Date: Tue, 7 Apr 2015 12:00:00 +0000 (UTC)

>Number:         49822
>Category:       bin
>Synopsis:       "nsupdate" doesn't determine master server from SOA record
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 07 12:00:00 +0000 2015
>Originator:     Matthias Scheler
>Release:        NetBSD 7.0_BETA 2015-03-13 sources
>Organization:
Matthias Scheler                                 https://zhadum.org.uk/
>Environment:
System: NetBSD colwyn.zhadum.org.uk 7.0_BETA NetBSD 7.0_BETA (GENERIC) #0: Fri Mar 13 19:51:26 GMT 2015 tron%colwyn.zhadum.org.uk@localhost:/objdir/tron/nb7/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
nsupdate(1) contains this paragraph:

       The resource records that are dynamically added or removed with
       nsupdate have to be in the same zone. Requests are sent to the zoneâ??s
       master server. This is identified by the MNAME field of the zoneâ??s SOA
       record.

The problem is however that this is not what NetBSD's nsupdate(1) does.
It seems instead to send update requests blindly to the (first) nameserver
listed in "/etc/resolv.conf":

tron@colwyn:~>/usr/bin/nsupdate -k /usr/local/lib/dns/Kzhadum.intern.+157+05153.key
> update add test.zhadum.intern 86400 A 1.2.3.4
>
update failed: REFUSED

Using the "nsupdate" binary from the 9.10.2 package in "pkgsrc" works
as expected:

tron@colwyn:~>/usr/pkg/bin/nsupdate -k /usr/local/lib/dns/Kzhadum.intern.+157+05153.key
> update add test.zhadum.intern 86400 A 1.2.3.4
>
> ^D%
tron@colwyn:~>host test.zhadum.intern
test.zhadum.intern has address 1.2.3.4

This is similar to the problem reported in PR bin/49138. Something seems to
go wrong with our build of the "nsupdate" binary and the resulting executable
is severely limitted in its capabilities.

>How-To-Repeat:
Try to use "nsupdate" to update a DNS zone that is not hosted by the
(first) name server listed in "/etc/resolv.conf".

>Fix:
None provided

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: port-evbarm/49824: Please pullup ds1307 to netbsd-7
Previous by Thread: PR/47392 CVS commit: src/usr.sbin/makemandb
Next by Thread: port-evbarm/49824: Please pullup ds1307 to netbsd-7
Indexes:

Home | Main Index | Thread Index | Old Index