I contact you regarding a big issue that I am facing.
I have a NS group with grid primary and external secondary (Microsoft)
Since this morning, the secondary servers are not getting updates. Here are the errors we have for all of them:
The log message quoted here indicates that the client is attempting a dynamic (DDNS) update and that is not allowed. This is separate from any zone transfers that the secondary servers may be attempting, and it is not clear from where this log message is being pulled from (the primary or secondary name servers).
With DDNS, the workflow should look like this:
- Client sends an SOA query for its own name (FQDN).
- DNS server returns an nxdomain response (an SOA record for the clients name is not expected to exist), which also includes the SOA for the zone (example.com).
- Client sends an update request to the primary name server learned from the mname value in the SOA record for the zone in question.
What is not clear here is where things are not working here. To get to the bottom of this, it would be important to answer the following:
- Is the client sending its update to the wrong server? If so, check that the client isconfigured to resolve against the correct DNS server(s), and edit the properties for the zone and under the Settings tab, verify that the Primary name server (for SOA MNAME field) value is set correctly (if in doubt, do NOT override the default value).
- Are zone transfers failing for some reason? Verify that the secondary servers are configured as external secondary name servers and under the Zone Transfers tab in the properties for the zone, that nothing is denying the secondary name servers` IP address(es).
To fully troubleshoot this type of issue, one would need to be able to analyze the configurations on each of the servers, all related log messages from the system logs, and possibly test with queries to verify responses. Infoblox Support would be able to assist you with going through all of that if needed.
Thank you for the additional information. The next thing that I would verify is that DDNS is enabled in Infoblox (Data Management -> DHCP -> Grid DHCP Properties -> IPv4 DDNS). After that, verify that the primary name server will accept updates from the (Infoblox) DHCP server(s).
Because of all of the different pieces involved here, I would recommend opening a case with Infoblox Support and they should be able to walk through this fairly quickly with you.