After adding an oes2sp3 dsfw server to an existing environment (other servers were oes2sp3, but started life as oes2sp1) was getting named failure when trying to start dns.

This not only on new server, but also existing servers.

It appears that the installation (perhaps run of provisioning tool) might have added an 'update' policy to the zone configurations touched through install (new reverse and existing 'main domain')....

errors from
12-Jun-2012 17:35:31.070 config: isccfg/parser: error: zone '': 'allow-update' is ignored when 'update-policy' is present
12-Jun-2012 17:35:31.070 general: server: error: reloading configuration failed: failure


Looked at zone config in iManager and saw 'Update Policy' 'grant * sam * A SRV PTR'
Checked other zones and they just had 'Allow Update' 'any'....

Anyhow, to get things running again I just removed the 'Update Policy' from the two zones, and all is good

However, concerned that this is actually meant to be some sort of security fix/update, presumably to do with dynamic updates...

Anyone else seeing anything like this? Any thoughts?