From wolfgang@lyxys.ka.sub.org  Sun Mar  3 14:24:23 2002
Return-Path: <wolfgang@lyxys.ka.sub.org>
Received: from subnet.sub.net (subnet.sub.net [212.227.14.21])
	by hub.freebsd.org (Postfix) with ESMTP id 032B337B400
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  3 Mar 2002 14:24:22 -0800 (PST)
Received: from lyxys.ka.sub.org (uucp@localhost)
	by subnet.sub.net (8.11.6/8.11.6/subnet-freebsd-1.0) with bsmtp id g23MOKk91894
	for FreeBSD-gnats-submit@freebsd.org; Sun, 3 Mar 2002 23:24:20 +0100 (CET)
	(envelope-from wolfgang@lyxys.ka.sub.org)
Received: from localhost (4715 bytes) by lyxys.ka.sub.org
	via sendmail with P:stdio/R:smart_host/T:inet_uusmtp
	(sender: <wolfgang>) (ident <wolfgang> using unix)
	id <m16he9v-003pROC@lyxys.ka.sub.org>
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 3 Mar 2002 23:08:47 +0100 (CET)
	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Aug-23)
Message-Id: <m16he9v-003pROC@lyxys.ka.sub.org>
Date: Sun, 3 Mar 2002 23:08:47 +0100 (CET)
From: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
Reply-To: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: nsupdate fails if destination dns is not in your resolv.conf
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         35521
>Category:       bin
>Synopsis:       nsupdate fails if destination dns is not in your resolv.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 03 14:30:01 PST 2002
>Closed-Date:    Sun Sep 29 21:07:41 PDT 2002
>Last-Modified:  Sun Sep 29 21:07:41 PDT 2002
>Originator:     Wolfgang Zenker
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
System: FreeBSD gate.lyx 4.5-STABLE FreeBSD 4.5-STABLE #1: Sun Mar  3 17:28:22 CET 2002     wolfgang@gate.lyx:/usr/obj/usr/local/src/sys/GATE  i386

>Description:
	Trying to use nsupdate to dynamically update a dns entry fails.
	It works using an nsupdate from early November (based on BIND 8.2.4)
	instead of the 8.3.1-based nsupdate that is now in STABLE.

	Debug-output:

	Working version (from 4.4-STABLE, based on BIND 8.2.4):
	-------------------------------------------------------
	This is the last part of the output of a working update.
	As you can see, it asks my nameserver (192.168.203.254) for
	the NS Record for the destination domain (dyn.sub.org), then
	sends the update request to that servers ip address.
 :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS)
 :: ;; res_send()
 :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947
 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 :: ;; QUERY SECTION:
 :: ;;      dyn.sub.org, type = NS, class = IN
 :: 
 :: ;; Querying server (# 1) address = 192.168.203.254
 :: ;; new DG socket
 :: ;; got answer:
 :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43947
 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 :: ;; QUERY SECTION:
 :: ;;      dyn.sub.org, type = NS, class = IN
 :: 
 :: ;; ANSWER SECTION:
 :: dyn.sub.org.            23h10m34s IN NS  goldie.jpaves.de.
 :: 
 :: ;; ADDITIONAL SECTION:
 :: goldie.jpaves.de.       14h52m51s IN A  212.86.210.58
 :: 
 :: ;; res_send()
 :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948
 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1
 :: ;;      dyn.sub.org, type = SOA, class = IN
 :: lyxys.dyn.sub.org.      0S ANY A
 :: lyxys.dyn.sub.org.      2m30s IN A      217.227.147.166
 :: dynsub.                 0S ANY TSIG     HMAC-MD5.SIG-ALG.REG.INT. 0
 :: ;; Querying server (# 1) address = 212.86.210.58
 :: ;; new DG socket
 :: ;; got answer:
 :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 43948
 :: ;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1
 :: dynsub.                 0S ANY TSIG     HMAC-MD5.SIG-ALG.REG.INT. 0
 :: 

	Non-Working version (from 4.5-STABLE, based on BIND 8.3.1):
	-----------------------------------------------------------
	This is the last part of the output of a non-working update.
	As you can see, this time the update request is beeing sent
	to my own nameserver, which has nothing to do with the zone
	being updated. Therefore it sends back "NOTAUTH".

 :: ;; res_nmkquery(QUERY, dyn.sub.org, IN, NS)
 :: ;; res_send()
 :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326
 :: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 :: ;; QUERY SECTION:
 :: ;;      dyn.sub.org, type = NS, class = IN
 :: 
 :: ;; Querying server (# 1) address = 192.168.203.254
 :: ;; new DG socket
 :: ;; got answer:
 :: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42326
 :: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 :: ;; QUERY SECTION:
 :: ;;      dyn.sub.org, type = NS, class = IN
 :: 
 :: ;; ANSWER SECTION:
 :: dyn.sub.org.            23h10m4s IN NS  goldie.jpaves.de.
 :: 
 :: ;; ADDITIONAL SECTION:
 :: goldie.jpaves.de.       14h52m21s IN A  212.86.210.58
 :: 
 :: ;; res_send()
 :: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 42327
 :: ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 1
 :: ;;      dyn.sub.org, type = SOA, class = IN
 :: lyxys.dyn.sub.org.      0S ANY A
 :: lyxys.dyn.sub.org.      2m30s IN A      217.227.147.166
 :: dynsub.                 0S ANY TSIG     HMAC-MD5.SIG-ALG.REG.INT. 0
 :: ;; Querying server (# 1) address = 192.168.203.254
 :: ;; new DG socket
 :: ;; got answer:
 :: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 42327
 :: ;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1
 :: ;;      dyn.sub.org, type = SOA, class = IN
 :: .                       0S ANY TSIG     . 17


>How-To-Repeat:
	Send update request for a zone where your own nameserver (the one in
	your resolv.conf) is not authoritative.
>Fix:
	As a workaround I am currently using an old nsupdate binary.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: matusita 
State-Changed-When: Sun Mar 3 15:53:54 PST 2002 
State-Changed-Why:  


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35521 

From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/35521: nsupdate fails if destination dns is not in your
 resolv.conf
Date: Mon, 04 Mar 2002 08:59:47 +0900

 > State-Changed-From-To: open->analyzed
 > State-Changed-By: matusita
 > State-Changed-When: Sun Mar 3 15:53:54 PST 2002
 > State-Changed-Why:
 
 Gaaaaaaah, null comments, sorry.  What I should say is:
 
 	This is a (known) nsupdate bug of BIND 8.3.1.  Already fixed
 	in ISC's code.  This bug can be fixed if and only if BIND
 	8.3.2 (the next release of BIND 8.3) is out.
 
 	This PR can be closed if we import a new BIND code.

From: Peter Pentchev <roam@ringlet.net>
To: Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/35521: nsupdate fails if destination dns is not in your resolv.conf
Date: Mon, 4 Mar 2002 12:12:12 +0200

 On Sun, Mar 03, 2002 at 04:00:09PM -0800, Makoto Matsushita wrote:
 > The following reply was made to PR bin/35521; it has been noted by GNATS.
 > 
 > From: Makoto Matsushita <matusita@jp.FreeBSD.org>
 > To: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
 > Cc: bug-followup@FreeBSD.org
 > Subject: Re: bin/35521: nsupdate fails if destination dns is not in your
 >  resolv.conf
 > Date: Mon, 04 Mar 2002 08:59:47 +0900
 > 
 >  > State-Changed-From-To: open->analyzed
 >  > State-Changed-By: matusita
 >  > State-Changed-When: Sun Mar 3 15:53:54 PST 2002
 >  > State-Changed-Why:
 >  
 >  Gaaaaaaah, null comments, sorry.  What I should say is:
 >  
 >  	This is a (known) nsupdate bug of BIND 8.3.1.  Already fixed
 >  	in ISC's code.  This bug can be fixed if and only if BIND
 >  	8.3.2 (the next release of BIND 8.3) is out.
 >  
 >  	This PR can be closed if we import a new BIND code.
 
 Mmm.. I may be dumb here, but if this bug is already fixed in ISC's code,
 and we get their assurance that the fix and the lines around the fix
 would not change much before 8.3.2 is out, could we not import this fix
 on a vendor branch?  This has certainly been done before for other contrib
 software..
 
 G'luck,
 Peter
 
 -- 
 Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 This sentence is false.

From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: roam@ringlet.net
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/35521: nsupdate fails if destination dns is not in your
 resolv.conf
Date: Mon, 04 Mar 2002 19:29:26 +0900

 roam> Mmm.. I may be dumb here, but if this bug is already fixed in
 roam> ISC's code, and we get their assurance that the fix and the
 roam> lines around the fix would not change much before 8.3.2 is out,
 roam> could we not import this fix on a vendor branch?
 
 No.  The author said that "please do NOT".  It is not a good idea to
 spoil the author's intension.
 
 -- -
 Makoto `MAR' Matsushita

From: Peter Pentchev <roam@ringlet.net>
To: Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/35521: nsupdate fails if destination dns is not in your resolv.conf
Date: Mon, 4 Mar 2002 13:09:45 +0200

 On Mon, Mar 04, 2002 at 07:29:26PM +0900, Makoto Matsushita wrote:
 > 
 > roam> Mmm.. I may be dumb here, but if this bug is already fixed in
 > roam> ISC's code, and we get their assurance that the fix and the
 > roam> lines around the fix would not change much before 8.3.2 is out,
 > roam> could we not import this fix on a vendor branch?
 > 
 > No.  The author said that "please do NOT".  It is not a good idea to
 > spoil the author's intension.
 
 Oh; okay, I did not know this.  Thanks for the explanation :)
 
 G'luck,
 Peter (who is not using BIND anyway ;)
 
 -- 
 Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 I am not the subject of this sentence.

From: wolfgang@lyxys.ka.sub.org (Wolfgang Zenker)
To: Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/35521: nsupdate fails if destination dns is not in your resolv.conf
Date: Mon, 30 Sep 2002 01:24:43 +0200 (CEST)

 > 	This is a (known) nsupdate bug of BIND 8.3.1.  Already fixed
 > 	in ISC's code.  This bug can be fixed if and only if BIND
 > 	8.3.2 (the next release of BIND 8.3) is out.
 
 > 	This PR can be closed if we import a new BIND code.
 
 Since we have had BIND 8.3.3 in the system for quite a while now and the
 problem does not exist anymore, I suggest that this PR be closed.
State-Changed-From-To: analyzed->closed 
State-Changed-By: matusita 
State-Changed-When: Sun Sep 29 21:06:21 PDT 2002 
State-Changed-Why:  
The originator requests to close this PR, since FreeBSD already imports 
new BIND code (8.3.3) to 4-stable.  Thank you for pointing out. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35521 
>Unformatted:
