To:
bind9-bugs@isc.org
cc:
dnsop@cafax.se
From:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date:
Sun, 17 Mar 2002 01:17:50 -0600
Sender:
owner-dnsop@cafax.se
Subject:
limitations on nsupdate
Are there known limitations on what kinds of records nsupdate can process? I run the following script: #!/bin/sh exec >/var/log/nsupdate.log exec 2>&1 cd /etc/namedb host=$1 keyrec=`ipsec showhostkey | sed 1d | (read name rest && echo $name 3600 $rest)` nsupdate -d -v -k K$host.+157+26817.private <<EOF server 192.139.46.30 zone dasblinkenled.org update delete $host KEY update add $keyrec send EOF I get the following output. The unknown class/type suggests to me that it can not process KEY RR. I can see no mention of any limitation in the man page. [root@ietf-lapdog-1 etc]# more /var/log/nsupdate.log + cd /etc/namedb + host=ietf-lapdog-1.dasblinkenled.org ++ ipsec showhostkey ++ read name rest ++ sed 1d ++ echo ietf-lapdog-1.dasblinkenled.org. 3600 IN KEY 0x4200 4 1 AQN05UOtgPXQ89n4 y0UZomN0ax3ESwrgc1u2CQa3PDVsEtbY6ZR3gnJunU0BFaNEupi1z6JP3fq1fYgzJ4HTujLYCPaxCLVS GqdaGdxNDpiwJZ+iE8zpZH3pj1jSk+6Iz2PH/8ZIDWWknw7uDM3linOx5RtTEPATS9LS91YlxVxaFyBT AbkOUizcsZYDo8c25+rQ2FMxguN2CFjyah4LnvI6hqpoSuEZeFtyBxJnSfRvYoW3SKzRPq7BBivb21Na 74h+VfSEZWf6uykrfJmQAbV6t/PPwry6QR3TFwXk6v+wonqXgnwemdPnyp891SmaGmUw407hMGRqD2h8 p634KpSP + keyrec=ietf-lapdog-1.dasblinkenled.org. 3600 IN KEY 0x4200 4 1 AQN05UOtgPXQ89n 4y0UZomN0ax3ESwrgc1u2CQa3PDVsEtbY6ZR3gnJunU0BFaNEupi1z6JP3fq1fYgzJ4HTujLYCPaxCLV SGqdaGdxNDpiwJZ+iE8zpZH3pj1jSk+6Iz2PH/8ZIDWWknw7uDM3linOx5RtTEPATS9LS91YlxVxaFyB TAbkOUizcsZYDo8c25+rQ2FMxguN2CFjyah4LnvI6hqpoSuEZeFtyBxJnSfRvYoW3SKzRPq7BBivb21N a74h+VfSEZWf6uykrfJmQAbV6t/PPwry6QR3TFwXk6v+wonqXgnwemdPnyp891SmaGmUw407hMGRqD2h 8p634KpSP + nsupdate -d -v -k Kietf-lapdog-1.dasblinkenled.org.+157+26817.private Creating key... invalid rdata format: unknown class/type Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id: 37993 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; TSIG PSEUDOSECTION: ietf-lapdog-1.dasblinkenled.org. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 101634 9249 300 16 1E1fZ/ean/BKRHHiGp6SnQ== 37993 NOERROR 0 > > > > > Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 37993 ;; flags: ; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;dasblinkenled.org. IN SOA ;; UPDATE SECTION: ietf-lapdog-1.dasblinkenled.org. 0 ANY KEY ;; TSIG PSEUDOSECTION: ietf-lapdog-1.dasblinkenled.org. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 101634 9249 300 16 dzB4tUPzCUML248X5eW9pw== 37993 NOERROR 0 ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [