Getting "unapproved update from" slave servers
Michael Voight
mvoight at cisco.com
Wed Aug 25 20:28:09 UTC 1999
Guy Lancaster wrote:
>
> Following up on my previous post, thanks for all the
> suggestions. We do in fact have some NT boxes but they're all
> (as far as I know) running NT4.0 (not NT5 Beta) and the source
> of the messages seems to be the slave DNS servers running
> Linux.
>
> However, looking at the logs of the slaves I see examples of:
>
> Aug 25 11:13:42 ns named[256]: Err/TO getting serial# for
> "4.168.192.IN-ADDR.ARPA"
>
> that seem to correspond to the unapproved update messages on
> the master. It would appear that the master sees the serial
> number requests as being updates and is refusing them but this
> makes no sense. On the master I'm also getting:
>
> Aug 25 08:52:14 lucy named[447]:
> stream_getlen([192.168.4.1].8211): Broken pipe
> Aug 25 08:53:17 lucy named[447]: unapproved update from
> [192.168.3.128].64446 for 3.168.192.in-addr.arpa
>
> that correspond to the different slave servers. Any ideas?
> DNS and zone transfers seem to be working properly but these
> messages bother me. Could it be confusion between the private
> and public IP's on the servers? I'll append sample zone
> records below.
>
> Guy
> ---
> Guy Lancaster wrote:
>
> > I'm fairly new to setting up DNS servers. I'm running
> > Bind 8.2.6 on Redhat 6.0 on 3 machines. Everything seemed
> > fine for a few days and then today in the master server's
> > log messages I'm getting "unapproved update from" the slave
> > name servers on several zones.
> >
> > I should only be getting requests for serial numbers and
> > zone transfers from the slaves. What's happening?
> >
> > I am using allow-query and allow-transfer clauses in my
> > named.conf files. All of these include the addresses for
> > the master server.
> >
>
> ---
> On the master serving 204.244.152.33 and 192.168.4.17:
> zone "4.168.192.IN-ADDR.ARPA" {
> type master;
> file "db.192.168.4";
> allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> allow-transfer { 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> };
>
> On the slave serving 204.174.243.129 and 192.168.4.1:
> zone "4.168.192.IN-ADDR.ARPA" {
> type slave;
> file "db.192.168.4";
> masters { 204.244.152.33; 192.168.4.17; };
> allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> allow-transfer { 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> };
> ---
More information about the bind-users
mailing list