I killed bind9 and can't revive it!!
Mates:

I did it, I now know I should not have done it, but I did it before I knew better, and now I am stuck -- aarghh.

Here is the setup: SuSE 8.2 pro, bind9, dhcpd with ddns.

What happened was I decided to change dhcpd.com range dynamic-bootp from 192.168.7.100 192.168.7.120 to 192.168.7.80 192.168.7.100. Simple enough. I then went and did it - the no no - I went and edited /var/lib/named/dyn/3111skyline.com and 192.169.7. by hand. In the 3111skyline.com zone file I deleted the following:

    $TTL 10800 ; 3 hours
    kidsdell    A     192.168.7.99
                TXT   "311971***************************14fe6"
    $TTL 10800 ; 3 hours
    ripper      A     192.168.7.120
                TXT   "313f41f***************************9bc318"

Out of the 192.168.7 zone, I deleted:

    kidsdell A 192.168.7.99
    ripper A 192.168.7.120

I updated the serial in each and then restarted named. It didn't work, so I found out that I should delete the .jnl journal files. I did, but it still won't work. So then I found nsupdate and deleted the entries and then added the entries back with the -k /etc/Kdhcp_updater.+157+20222.private key file designated. Now the zone files are updated, but without any TXT shared secret info, and my log shows errors that named denies the update:

    Apr 6 12:55:04 skyline dhcpd: Wrote 2 leases to leases file.
    Apr 6 12:55:04 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0
    Apr 6 12:55:04 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0
    Apr 6 12:55:04 skyline named[22720]: client 192.168.7.100#4898: update '3111skyline.com/IN' denied
    Apr 6 12:55:49 skyline dhcpd: DHCPREQUEST for 192.168.7.99 from 00:0d:56:68:31:ab (kidsdell) via eth0
    Apr 6 12:55:49 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0
    Apr 6 12:55:49 skyline named[22720]: client 192.168.7.99#2839: update '3111skyline.com/IN' denied

I have read that bind9 changed from using the .private file to the .key file around 9.2, but I'm not sure what difference that would make.

Any ideas what I need to do to get bind to allow the updates without the denied errors? The zone files currently look like this:

    skyline:/home/david/Documents/linux_config/var/lib/named/dyn # cat /var/lib/named/dyn/3111skyline.com
    $ORIGIN .
    $TTL 172800 ; 2 days
    3111skyline.com IN SOA skyline.3111skyline.com. root.3111skyline.com. (
                    2004040406 ; serial
                    86400      ; refresh (1 day)
                    7200       ; retry (2 hours)
                    3600000    ; expire (5 weeks 6 days 16 hours)
                    172800     ; minimum (2 days)
                    )
                    NS   66.76.2.130.
                    NS   skyline.3111skyline.com.
                    MX   0 mail.3111skyline.com.
    $ORIGIN 3111skyline.com.
    gw              A    192.168.7.13
    $TTL 86400 ; 1 day
    kidsdell        A    192.168.7.99
    $TTL 172800 ; 2 days
    localhost       A    127.0.0.1
    mail            A    192.168.7.14
    $TTL 86400 ; 1 day
    ripper          A    192.168.7.100
    $TTL 172800 ; 2 days
    skyline         A    192.168.7.14
    www             A    192.168.7.14

    skyline:/home/david/Documents/linux_config/var/lib/named/dyn # cat /var/lib/named/dyn/192.168.7
    $ORIGIN .
    $TTL 172800 ; 2 days
    7.168.192.in-addr.arpa IN SOA skyline.3111skyline.com. root.3111skyline.com. (
                    2004040408 ; serial
                    86400      ; refresh (1 day)
                    7200       ; retry (2 hours)
                    3600000    ; expire (5 weeks 6 days 16 hours)
                    172800     ; minimum (2 days)
                    )
                    NS   skyline.3111skyline.com.
    $ORIGIN 7.168.192.in-addr.arpa.
    13              PTR  gw.3111skyline.com.
    14              PTR  mail.3111skyline.com.
                    PTR  skyline.3111skyline.com.
    $ORIGIN 7.168.192.7.168.192.in-addr.arpa.
    $TTL 10800 ; 3 hours
    100             PTR  ripper.3111skyline.com.
    99              PTR  kidsdell.3111skyline.com.

--
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankin-bertin.com
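Each "denied" line from named in the log above records the address the rejected update arrived from. The following is an added example, not part of the original post: it pairs those denials with the DHCPACK lines to show whether a rejected update came from a leased client address or from the DHCP server's own address. The server address 192.168.7.14 is taken from the skyline A record in the zone file, on the assumption that dhcpd runs on that host.

```python
import re

# Sample lines taken from the log in the post above.
SAMPLE_LOG = """\
Apr 6 12:55:04 skyline dhcpd: DHCPREQUEST for 192.168.7.100 from 00:0c:76:13:90:c2 (ripper) via eth0
Apr 6 12:55:04 skyline dhcpd: DHCPACK on 192.168.7.100 to 00:0c:76:13:90:c2 (ripper) via eth0
Apr 6 12:55:04 skyline named[22720]: client 192.168.7.100#4898: update '3111skyline.com/IN' denied
Apr 6 12:55:49 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0
Apr 6 12:55:49 skyline named[22720]: client 192.168.7.99#2839: update '3111skyline.com/IN' denied
"""

# dhcpd lease acknowledgement; the "(hostname)" part is optional.
ACK = re.compile(r"dhcpd: DHCPACK on (\S+) to (\S+)(?: \(([^)]*)\))?")
# named rejecting a dynamic update, with the source address and zone.
DENIED = re.compile(r"named\[\d+\]: client ([\d.]+)#\d+: update '([^']+)' denied")


def classify_denials(log_text, dhcp_server_ip):
    """Return one dict per denied update, labelled by who sent it."""
    leases = {}    # leased IP -> hostname from the most recent DHCPACK
    results = []
    for line in log_text.splitlines():
        m = ACK.search(line)
        if m:
            leases[m.group(1)] = m.group(3)
            continue
        m = DENIED.search(line)
        if not m:
            continue
        src, zone = m.groups()
        if src in (dhcp_server_ip, "127.0.0.1"):
            sender = "dhcp-server"      # update sent from the server host itself
        elif src in leases:
            sender = "leased-client"    # update sent from an address dhcpd handed out
        else:
            sender = "unknown"
        results.append({"source": src, "zone": zone,
                        "sender": sender, "host": leases.get(src)})
    return results


if __name__ == "__main__":
    # 192.168.7.14 is an assumption: the skyline A record from the zone file.
    for row in classify_denials(SAMPLE_LOG, "192.168.7.14"):
        print(row)
```
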
On 04/07/2004 02:33 AM, David Rankin wrote:

> I then went and did it - the no no - I went and edited /var/lib/named/dyn/3111skyline.com and 192.169.7. by hand. In the 3111skyline.com zone file I deleted the following:

What are the permissions now on the files? Maybe your editor changed the file permissions when you saved.

> Apr 6 12:55:04 skyline named[22720]: client 192.168.7.100#4898: update '3111skyline.com/IN' denied
> Apr 6 12:55:49 skyline dhcpd: DHCPREQUEST for 192.168.7.99 from 00:0d:56:68:31:ab (kidsdell) via eth0
> Apr 6 12:55:49 skyline dhcpd: DHCPACK on 192.168.7.99 to 00:0d:56:68:31:ab (kidsdell) via eth0
> Apr 6 12:55:49 skyline named[22720]: client 192.168.7.99#2839: update '3111skyline.com/IN' denied

According to mine, my zone files are named.named 600, and jnl are named.named 644.

HTH

--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.