Norman Zhang wrote:
> I'm trying to allow DDNS for a W2K3 machine to register AD.
>
> zone "hq.arkonnetworks.com" {
> type master;
> file "db.hq.arkonnetworks.com";
> allow-update { key rndc-key; };
> };
>
> But I keep getting
>
> 0x0000232A RCODE_SERVER_FAILURE
>
> I tried changing
>
> allow-update { 192.168.22.0/24; };
>
> but it still fails. But all my Windows clients can do DDNS. DHCP is also on
> the bind 9.2.3 box. May I ask for some tips, please?


I've attached both my dhcpd.conf and named.conf below. My W2K3 box has
an IP 192.168.22.21. Any advice is greatly appreciated.

Regards,
Norman Zhang

# Server settings
# Declares this dhcpd authoritative for the subnets configured in this file.
authoritative;
# NOTE(review): later ISC DHCP documentation describes the ad-hoc update style
# as deprecated, and documents "interim" as the style used with key/zone
# declarations like the ones in this file. Confirm which style the installed
# dhcpd honours before assuming its DNS updates are TSIG-signed.
ddns-update-style ad-hoc;

# Global settings
option domain-name "hq.arkonnetworks.com";
# Lease times are in seconds: 21600 s = 6 h default, 43200 s = 12 h maximum.
default-lease-time 21600;
max-lease-time 43200;
# dhcpd performs DNS updates on behalf of its clients; forward names go under
# ddns-domainname and reverse names under ddns-rev-domainname.
ddns-updates on;
ddns-domainname "hq.arkonnetworks.com";
ddns-rev-domainname "in-addr.arpa";

# TSIG key referenced by the zone declarations in this file for dynamic DNS
# updates.
# NOTE(review): named.conf uses a key of the same name for the rndc control
# channel, so one secret appears to cover both update signing and server
# control. A dedicated update key would limit what a leak of this file exposes.
# NOTE(review): the secret sits here in clear text (redacted in this post), so
# this file should not be world-readable.
# NOTE(review): hmac-md5 is the legacy TSIG algorithm; later BIND releases add
# hmac-sha256 - check what the installed dhcpd and named versions support.
key rndc-key {
algorithm hmac-md5;
secret "xxxx";
}

# Forward zone: updates for hq.arkonnetworks.com are sent to the primary at
# 192.168.11.3 and associated with rndc-key, which matches the key-based
# allow-update on that zone in named.conf.
zone hq.arkonnetworks.com. {
primary 192.168.11.3;
key rndc-key;
}

# LAN1 IP Range
# Dynamic pool is .41-.254; the addresses below .41 are outside the range.
subnet 192.168.11.0 netmask 255.255.255.0 {
# NOTE(review): the last two resolvers are public-range addresses that
# named.conf also lists as forwarders. A client that falls through to them
# would send lookups for the internal AD names off-site - confirm that is
# intended.
option domain-name-servers 192.168.11.3, 192.168.11.15, 207.34.136.1,
204.174.64.1;
option ntp-servers 192.168.11.3;
option routers 192.168.11.1;
range 192.168.11.41 192.168.11.254;
# Reverse (PTR) updates for this subnet go to 192.168.11.3 and are associated
# with rndc-key.
zone 11.168.192.in-addr.arpa. {
primary 192.168.11.3;
key rndc-key;
}
}

# LAN2 IP Range
# Dynamic pool is .41-.254. The W2K3 host mentioned in the message
# (192.168.22.21) is outside the pool.
subnet 192.168.22.0 netmask 255.255.255.0 {
# NOTE(review): the last two resolvers are public-range addresses that
# named.conf also lists as forwarders. A client that falls through to them
# would send lookups for the internal AD names off-site - confirm that is
# intended.
option domain-name-servers 192.168.22.3, 192.168.22.15, 207.34.136.1,
204.174.64.1;
option ntp-servers 192.168.22.3;
option routers 192.168.22.1;
range 192.168.22.41 192.168.22.254;
# Reverse (PTR) updates for this subnet go to 192.168.22.3 and are associated
# with rndc-key.
zone 22.168.192.in-addr.arpa. {
primary 192.168.22.3;
key rndc-key;
}
}

// generated by named-bootconf.pl

// Global server options: zone file directory, upstream forwarders and pid
// file.
// NOTE(review): no allow-query, allow-recursion or allow-transfer statement
// appears here or in any zone below, so the server's built-in defaults apply.
// On BIND of this vintage those defaults are believed to be permissive -
// verify, and restrict recursion and zone transfers to the internal networks
// if so. Zone transfers of the AD zones would disclose the host inventory.
options {
directory "/var/named";
forwarders { 207.34.136.1; 204.174.64.1; 204.174.65.1; };
pid-file "/var/run/named/named.pid";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): leave this commented out unless a firewall truly needs it.
// Pinning outgoing queries to one fixed source port makes spoofed responses
// easier to get accepted.
// query-source address * port 53;
};


// secret must be the same as in /etc/rndc.conf
// NOTE(review): this key authenticates the rndc control channel (see the
// controls statement) and is also listed in allow-update for several zones.
// Anyone holding the DDNS secret can therefore also control the server.
// Separate keys for rndc and for dynamic updates would keep those privileges
// apart.
// NOTE(review): the secret is stored in clear text (redacted in this post),
// so named.conf should be readable only by the account named runs as.
// NOTE(review): hmac-md5 is the legacy TSIG algorithm; later BIND releases add
// hmac-sha256 - check what this 9.2.3 server supports.
key "rndc-key" {
algorithm hmac-md5;
secret "xxxx";
};

// rndc control channel: listens on loopback only and requires rndc-key.
// NOTE(review): the address ACL is "any", so only the loopback bind and the
// key protect this channel. `allow { localhost; }` states the intent
// explicitly and still holds if the listen address is ever changed.
controls {
inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

//
// a caching only nameserver config
//
// (Header kept from the generated template; this file also serves the master
// and slave zones defined further down.)
// Root hints used to locate the root name servers.
zone "." {
type hint;
file "db.cache";
};

// Loopback reverse zone. No allow-update is given, so dynamic updates to it
// are not authorised.
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};

// Forward zone for the AD domain. Dynamic updates are authorised only when
// signed with rndc-key, so requests that do not carry that TSIG signature are
// not permitted by this ACL.
// NOTE(review): allow-update with a key lets the key holder change any record
// in the zone. BIND 9's update-policy statement can limit a key to specific
// names or record types if finer control is wanted.
zone "hq.arkonnetworks.com" {
type master;
file "db.hq.arkonnetworks.com";
allow-update { key rndc-key; };
};

// Slave copy of the parent zone, transferred from 207.34.136.1.
// NOTE(review): no TSIG key is associated with the master in the visible
// config, so transfers appear to be authenticated by source address only.
zone "arkonnetworks.com" {
type slave;
file "db.arkonnetworks.com";
masters { 207.34.136.1; };
};

// Slave copy of the 207.34.136.0-31 reverse zone, from the same master. The
// same note about unauthenticated transfers applies.
zone "0-31.136.34.207.in-addr.arpa" {
type slave;
file "db.207.34.136.0";
masters { 207.34.136.1; };
};

// Reverse zones for the two LANs. Dynamic updates must be signed with
// rndc-key, the key the dhcpd.conf zone declarations name for these zones.
// Unsigned updates sent directly by hosts are not authorised by this ACL.
zone "22.168.192.in-addr.arpa" {
type master;
file "db.192.168.22.0";
allow-update { key rndc-key; };
};

zone "11.168.192.in-addr.arpa" {
type master;
file "db.192.168.11.0";
allow-update { key rndc-key; };
};

// Active Directory service-location zones (_msdcs, _sites, _tcp, _udp), each
// served as its own master zone with its own file.
// NOTE(review): updates here are authorised by source address alone, for all
// of 192.168.22.0/24. That /24 includes the DHCP pool .41-.254 from
// dhcpd.conf, so every leased client is allowed to rewrite these zones.
// UDP source addresses can also be forged. These records are what clients use
// to find domain controllers, so the BIND documentation's warning against
// address-based allow-update applies with extra force.
// At minimum, narrow the ACL to the domain controller address(es). The
// message gives 192.168.22.21 for the W2K3 host. Prefer authenticated updates
// where the DC and BIND versions support them.
zone "_msdcs.hq.arkonnetworks.com" {
type master;
file "db._msdcs.hq.arkonnetworks.com";
allow-update { 192.168.22.0/24; };
};

zone "_sites.hq.arkonnetworks.com" {
type master;
file "db._sites.hq.arkonnetworks.com";
allow-update { 192.168.22.0/24; };
};

zone "_tcp.hq.arkonnetworks.com" {
type master;
file "db._tcp.hq.arkonnetworks.com";
allow-update { 192.168.22.0/24; };
};

zone "_udp.hq.arkonnetworks.com" {
type master;
file "db._udp.hq.arkonnetworks.com";
allow-update { 192.168.22.0/24; };
};