In article <200406170713.i5H7DAq6027763@colwyn.zhadum.de>,
	tron@zhadum.de (Matthias Scheler) writes:
> The name server (BIND 9.3.0beta3 built from "pkgsrc" under NetBSD 2.0_BETA)
> logs this error message:
> 
> Jun 16 11:47:30 colwyn named[12267]: client 213.146.107.4#65179: view internal: updating zone 'zhadum.de/IN': update failed: update RR is outside zone (NOTZONE)
> It's not a problem with the name server setup because the script still
> works fine with the old "nsupdate" binary under 2.0_BETA.

Here is the solution for the record:

The BIND 9 "nsupdate" command bundled the changes for the forward and
reverse entries into a single update request. And the name server refused
the change because the reverse entry didn't belong into the forward done
of course. Changing the end of the script like this ...

(echo "update add $NAME 86400 $RECORD $ADDR"
 for ALIAS
 do
  echo "update add $ALIAS 86400 CNAME $NAME"
 done
 echo ""
 echo "update add $REV 86400 PTR $NAME"
 test -n "$REVINT" && (echo ""; echo "$REVINT")
 echo "") |
exec nsupdate -k /usr/local/lib/dns/Kintranet.zhadum.de.+157+00000.key

... fixed the problem therefore.

I would like to thank Danny Thomas who helped me analyzing and fixing
this problem.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/