stopping update denied mesgs.
Pete Ehlke
pde at ehlke.net
Fri Jul 19 15:53:02 UTC 2002
On Fri, Jul 19, 2002 at 11:45:51AM -0400, MegaNet DomainReg wrote:
>
> "update denied" messages are filling up my log. This is mostly from windows
> machines. I want to be able to stop seeing these messages in the log file.
> I'm sure there is several ways to do this one is changing the MNAME to
> localhost.
The right way is to properly configure your windows machines. Of course
this is a bit difficult if the majority of the updates you're seeing
come from outside your organization.
> I was thinking of stopping these updates at the core router, instead of
> changing the MNAME, what port numbers to these updates come in on and is it
> udp and tcp.
>
Updates are regular DNS packets. You can't block them without blocking
all DNS traffic.
>
> How would I be able to send all update denied info to null?
>
> Im using bind 9
Denied update messages are logged to the security channel in current
versions of bind. You can send security to /dev/null, but I don't think
you really want to do that.
9.3 will include a seperate channel for failed updates.
-Pete
More information about the bind-users
mailing list