I have a Bind9 server (RHEL 8.5) in my lab that was working perfectly fine until a couple of hours ago. Then, it stopped updating one of the 2 zones for which I have setup dynamic DNS.
The example.com receives the updates (add and delete records). However, the reverse zone is not working.
The configuration for both files is the following:
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0.zone";
allow-query { lab; };
allow-update { key update-key.; };
};
zone "example.com" in {
type master;
file "master/example.com.zone";
allow-query { lab; };
allow-update { key update-key.; };
};
The error message is the following:
Jan 26 18:27:50 dnssrv named[890542]: client @0x7f128c048c20 10.1.0.12#49800/key update-key: updating zone 'example.com/IN': update unsuccessful: testsrv.example.com/A: 'rrset exists (value independent)' prerequisite not satisfied (NXRRSET)
Jan 26 18:27:50 dnssrv named[890542]: client @0x7f12a41a3500 10.1.0.12#49802/key update-key: signer "update-key" approved
Jan 26 18:27:50 dnssrv named[890542]: client @0x7f12a41a3500 10.1.0.12#49802/key update-key: updating zone 'example.com/IN': adding an RR at 'testsrv.example.com' A 10.1.0.153
Jan 26 18:27:51 dnssrv named[890542]: client @0x7f1280059890 10.1.0.12#49804/key update-key: update '0.10.IN-ADDR.ARPA/IN' denied
Jan 26 18:27:51 dnssrv named[890542]: client @0x7f128c0410d0 10.1.0.12#49806/key update-key: update '0.10.IN-ADDR.ARPA/IN' denied
I used rndc trace to increase the log level to 6, but to no avail, I didn't find any more clues about the issue.
I am really in the dark since so far I have tried:
- Delete the dynamic directory and re-create it
- Delete the zone file and restore it from a known working backup
- Re-install named packages
- Create a new TSIG key
- Allow updates without key/network check.
I still get this refused message, so, I am completely in the dark.
Any help would be appreciated.
