The log message quoted here indicates that the client is attempting a dynamic (DDNS) update and that is not allowed. This is separate from any zone transfers that the secondary servers may be attempting, and it is not clear from where this log message is being pulled from (the primary or secondary name servers).
With DDNS, the workflow should look like this:
- Client sends an SOA query for its own name (FQDN).
- DNS server returns an nxdomain response (an SOA record for the clients name is not expected to exist), which also includes the SOA for the zone (example.com).
- Client sends an update request to the primary name server learned from the mname value in the SOA record for the zone in question.
What is not clear here is where things are not working here. To get to the bottom of this, it would be important to answer the following:
- Is the client sending its update to the wrong server? If so, check that the client isconfigured to resolve against the correct DNS server(s), and edit the properties for the zone and under the Settings tab, verify that the Primary name server (for SOA MNAME field) value is set correctly (if in doubt, do NOT override the default value).
- Are zone transfers failing for some reason? Verify that the secondary servers are configured as external secondary name servers and under the Zone Transfers tab in the properties for the zone, that nothing is denying the secondary name servers` IP address(es).
To fully troubleshoot this type of issue, one would need to be able to analyze the configurations on each of the servers, all related log messages from the system logs, and possibly test with queries to verify responses. Infoblox Support would be able to assist you with going through all of that if needed.
Regards,
Tony
