How 2 stop unapproved updates?

Barry Margolin barmar at genuity.net
Mon Apr 17 19:18:06 UTC 2000


In article <8dflod$8ju$1 at nnrp1.deja.com>,  <mycos at my-deja.com> wrote:
>In article <006101bfa891$e00b1450$7cc2a8ce at WALTERB>,
>  "Cricket Liu" <cricket at acmebw.com> wrote:
>> > How do I keep the following from happening?  Is there a port I can block?
>> > What effect does the following have on my DNS?
>>
>> See http://www.acmebw.com/askmrdns/bind-messages.htm#idx_u.
>
>I didn't find the answer there as to which port is used... I've looked
>for this information as well. In fact, RFC 2136 (someone correct me if
>that's not the latest/best RFC for DDNS stuff) doesn't mention a port
>number anywhere that I can find, so my guess is that it's all happening
>over 53 (or whatever is specified in named.conf).

Yes.  Dynamic updates use the same protocol as DNS queries, and hence they
use the same port.

>So I think that the short answer to the question "Can I block DDNS
>updates at the port level" is no, not if you want your server to still
>answer regular queries on udp 53.

Correct.

This type of filtering needs to be done at the application level.  And the
log messages he's getting indicate that the filtering is happening as
desired.  "unapproved update" means that the update was *not* performed
(because it wasn't approved).

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
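
Added illustration, not part of the original post and not BIND's own code: a query and a dynamic update arrive on the same port and differ only in the opcode field of the DNS header, so the accept/refuse decision has to be made after parsing the message. The function names, the ACL modelled as a set of source addresses, and the sample messages are constructed assumptions.

```python
import struct

# Opcode values from RFC 1035 (QUERY) and RFC 2136 (UPDATE).
OPCODES = {0: "QUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
DNS_PORT = 53  # both message kinds below are sent to this same port


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_request(msg_id, opcode, name, rrtype):
    """Build a minimal request: 12-byte header plus one question/zone entry."""
    flags = (opcode & 0xF) << 11  # QR=0 (request); opcode sits in bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", rrtype, 1)  # class IN


def parse_opcode(message):
    """Return (is_response, opcode) from the DNS header."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    return bool(flags & 0x8000), (flags >> 11) & 0xF


def decide(message, src_ip, update_acl):
    """Application-level filter: only UPDATE requests are checked against the ACL."""
    is_response, opcode = parse_opcode(message)
    kind = OPCODES.get(opcode, "OPCODE%d" % opcode)
    if is_response or opcode != 5:
        return kind, "answer"
    return kind, ("apply" if src_ip in update_acl else "refuse: unapproved update")


# Constructed sample messages (example.com, documentation addresses).
QUERY_MSG = build_request(0x1234, 0, "www.example.com", 1)   # type A
UPDATE_MSG = build_request(0x1235, 5, "example.com", 6)      # zone section, type SOA

if __name__ == "__main__":
    acl = {"192.0.2.53"}  # hypothetical list of hosts allowed to update
    for msg, src in ((QUERY_MSG, "198.51.100.7"),
                     (UPDATE_MSG, "198.51.100.7"),
                     (UPDATE_MSG, "192.0.2.53")):
        print(DNS_PORT, src, decide(msg, src, acl))
```
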


