Andrew (and SuSE list), Here is the situation. Suse 8.2, Bind 9.2.2 and DCHP using ddns. I can start bind with /etc/init.d/named start, and it runs and will update the zone but it will no longer insert the TXT "secret" record in the zone file. Also, it won't start with rndc. "connection refused error". I have built keys with dnskeygen and rndc-confgen. Here is the rncd output: skyline:/var/lib/named # rndc -V start create memory context create socket manager create task manager create task create logging context setting log tag creating log channel enabling log channel create parser get key decode base64 secret start post event using server 127.0.0.1 (127.0.0.1#953) create socket connect rndc: connect failed: connection refused And then: skyline:/var/lib/named # rcnamed start Starting name server BIND 9 done skyline:/var/lib/named # rndc -V status create memory context create socket manager create task manager create task create logging context setting log tag creating log channel enabling log channel create parser get key decode base64 secret status post event using server 127.0.0.1 (127.0.0.1#953) create socket connect create message render message schedule recv send message parse message number of zones: 6 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF server is up and running When bind is running it now gives update denied errors in the log file. This all started after I edited the zone files and restarted named. I have since deleted the .jnl files and used nsupdate to delete and re-add the info to the zones. Named/dhcp will add the A record to the zone but I still can't get the TXT record added and I still get errors. I just need someone to point me in the right direction to some documentation that will tell me whether I need to scrap my entire setup and start over or whether I can do something to fix it. The bind9arm.pdf troubleshooting doesn't really help. In the Suse implementation, bind runs chrooted in /var/lib/named. If you would just take a quick look at the zones and config and errors below, I would really appreciate it! Here are the details (zones, named.conf, named.key, rndc.key, dhcpd.conf and the recent named and dhcp messages from var/log): skyline:/var/lib/named # ls etc . .. localtime named.conf named.keys rndc.key skyline:/var/lib/named # cat etc/named.conf include "/etc/named.keys"; options { directory "/var/lib/named"; forward first; forwarders { 66.76.2.130; 208.180.1.69;}; // query-source address * port 53; }; zone "." { type hint; file "root.hint"; }; zone "localhost" { type master; file "localhost"; }; zone "0.0.127.in-addr.arpa" { type master; file "127.0.0"; }; zone "3111skyline.com" { type master; file "dyn/3111skyline.com"; allow-update{ key DHCP_UPDATER; }; }; zone "7.168.192.in-addr.arpa" { type master; file "dyn/192.168.7"; allow-update{ key DHCP_UPDATER; }; }; skyline:/var/lib/named # cat etc/named.keys # generated by genDDNSKey.sh on Fri Apr 2 22:22:00 CST 2004 key DHCP_UPDATER { algorithm hmac-md5; secret "********Long string of stuff***********"; }; skyline:/var/lib/named # cat etc/rndc.key key "rndc-key" { algorithm hmac-md5; secret "****** Short String of Stuff ***********"; }; skyline:/var/lib/named # cat 127.0.0 0.0.127.in-addr.arpa. SOA skyline.3111skyline.com. root.3111skyline.com. ( 2004040200 ; Serial number 86400 ; Refresh 1 day 7200 ; Retry 2 hours 3600000 ; Expire 41.67 days 172800 ) ; Minimum TTL 2 days 0.0.127.in-addr.arpa. NS skyline.3111skyline.com. 1.0.0.127.in-addr.arpa. PTR localhost. skyline:/var/lib/named # cat localhost localhost. SOA skyline.3111skyline.com. root.3111skyline.com. ( 2004040200 ; Serial number 86400 ; Refresh 1 day 7200 ; Retry 2 hours 3600000 ; Expire 41.67 days 172800 ) ; Minimum TTL 2 days localhost. NS skyline.3111skyline.com. localhost. A 127.0.0.1 skyline:/var/lib/named # cat dyn/3111skyline.com $ORIGIN . $TTL 172800 ; 2 days 3111skyline.com IN SOA skyline.3111skyline.com. root.3111skyline.com. ( 2004040604 ; serial 86400 ; refresh (1 day) 7200 ; retry (2 hours) 3600000 ; expire (5 weeks 6 days 16 hours) 172800 ; minimum (2 days) ) NS 66.76.2.130. NS skyline.3111skyline.com. MX 0 mail.3111skyline.com. $ORIGIN 3111skyline.com. gw A 192.168.7.13 $TTL 0 ; 0 seconds kidsdell A 192.168.7.99 $TTL 172800 ; 2 days localhost A 127.0.0.1 mail A 192.168.7.14 $TTL 86400 ; 1 day ripper A 192.168.7.100 $TTL 172800 ; 2 days skyline A 192.168.7.14 www A 192.168.7.14 skyline:/var/lib/named # cat dyn/192.168.7 $ORIGIN . $TTL 172800 ; 2 days 7.168.192.in-addr.arpa IN SOA skyline.3111skyline.com. root.3111skyline.com. ( 2004040612 ; serial 86400 ; refresh (1 day) 7200 ; retry (2 hours) 3600000 ; expire (5 weeks 6 days 16 hours) 172800 ; minimum (2 days) ) NS skyline.3111skyline.com. $ORIGIN 7.168.192.in-addr.arpa. 13 PTR gw.3111skyline.com. 14 PTR mail.3111skyline.com. PTR skyline.3111skyline.com. $ORIGIN 7.168.192.7.168.192.in-addr.arpa. $TTL 86400 ; 1 day 100 PTR ripper.3111skyline.com. $TTL 10800 ; 3 hours 99 PTR kidsdell.3111skyline.com. Here is the dhcp info: skyline:/var/lib/dhcp # cat etc/dhcpd.conf ddns-updates on; ddns-update-style interim; # ignore client-updates; include "/etc/named.keys"; subnet 192.168.7.0 netmask 255.255.255.0 { # default gateway option routers 192.168.7.13; option subnet-mask 255.255.255.0; option domain-name "3111skyline.com"; option domain-name-servers 192.168.7.14; #option domain-name-servers 66.76.2.130, 208.180.118.2; option netbios-name-servers 192.168.7.14; ddns-domainname "3111skyline.com"; ddns-rev-domainname "7.168.192.in-addr.arpa"; range dynamic-bootp 192.168.7.80 192.168.7.100; default-lease-time 21600; max-lease-time 43200; # Adding zone information zone 3111skyline.com. {primary 127.0.0.1; key DHCP_UPDATER; } zone 7.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; } } and the errors: Apr 7 03:54:18 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 03:54:18 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 03:54:18 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 03:54:18 skyline named[650]: client 192.168.7.100#1807: update '3111skyline.com/IN' denied Apr 7 04:41:24 skyline named[650]: client 192.168.7.99#4162: update '3111skyline.com/IN' denied Apr 7 04:54:03 skyline named[650]: client 192.168.7.100#1834: update '3111skyline.com/IN' denied Apr 7 05:41:24 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 05:41:24 skyline named[650]: client 192.168.7.99#4306: update '3111skyline.com/IN' denied Apr 7 05:41:24 skyline dhcpd: DHCPREQUEST for 192.168.7.99 from 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 05:41:24 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 05:41:24 skyline named[650]: client 192.168.7.99#4309: update '3111skyline.com/IN' denied Apr 7 05:53:48 skyline named[650]: client 192.168.7.100#1861: update '3111skyline.com/IN' denied Apr 7 06:41:24 skyline named[650]: client 192.168.7.99#4438: update '3111skyline.com/IN' denied Apr 7 06:53:32 skyline named[650]: client 192.168.7.100#1888: update '3111skyline.com/IN' denied Apr 7 06:54:31 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 06:54:31 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 06:54:31 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 06:54:31 skyline named[650]: client 192.168.7.100#1891: update '3111skyline.com/IN' denied Apr 7 07:41:24 skyline named[650]: client 192.168.7.99#4582: update '3111skyline.com/IN' denied Apr 7 07:54:17 skyline named[650]: client 192.168.7.100#1918: update '3111skyline.com/IN' denied Apr 7 08:41:24 skyline named[650]: client 192.168.7.99#4714: update '3111skyline.com/IN' denied Apr 7 08:41:24 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 08:41:24 skyline dhcpd: DHCPREQUEST for 192.168.7.99 from 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 08:41:24 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 08:41:24 skyline named[650]: client 192.168.7.99#4717: update '3111skyline.com/IN' denied Apr 7 08:54:02 skyline named[650]: client 192.168.7.100#1942: update '3111skyline.com/IN' denied Apr 7 09:41:24 skyline named[650]: client 192.168.7.99#4860: update '3111skyline.com/IN' denied Apr 7 09:53:47 skyline named[650]: client 192.168.7.100#1969: update '3111skyline.com/IN' denied Apr 7 09:54:48 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 09:54:48 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 09:54:48 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 09:54:48 skyline named[650]: client 192.168.7.100#1972: update '3111skyline.com/IN' denied Apr 7 10:41:25 skyline named[650]: client 192.168.7.99#1037: update '3111skyline.com/IN' denied Apr 7 10:54:33 skyline named[650]: client 192.168.7.100#1999: update '3111skyline.com/IN' denied Apr 7 11:41:25 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 11:41:25 skyline named[650]: client 192.168.7.99#1168: update '3111skyline.com/IN' denied Apr 7 11:41:25 skyline dhcpd: DHCPREQUEST for 192.168.7.99 from 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 11:41:25 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0 Apr 7 11:41:25 skyline named[650]: client 192.168.7.99#1171: update '3111skyline.com/IN' denied Apr 7 11:54:18 skyline named[650]: client 192.168.7.100#2027: update '3111skyline.com/IN' denied Apr 7 12:41:25 skyline named[650]: client 192.168.7.99#1310: update '3111skyline.com/IN' denied Apr 7 12:54:03 skyline named[650]: client 192.168.7.100#2054: update '3111skyline.com/IN' denied Apr 7 12:55:03 skyline dhcpd: Wrote 2 leases to leases file. Apr 7 12:55:03 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 12:55:03 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0 Apr 7 12:55:03 skyline named[650]: client 192.168.7.100#2059: update '3111skyline.com/IN' denied -- David C. Rankin, J.D., P.E. RANKIN * BERTIN, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.642 / Virus Database: 410 - Release Date: 3/24/04