Security Error

Josh Hyles josh.maillists at gmail.com
Sat Jan 28 08:34:34 UTC 2006 

On 1/28/06, Barry Margolin <barmar at alum.mit.edu> wrote:
> In article <drcdiv$i2k$1 at sf1.isc.org>,
>  Josh Hyles <josh.maillists at gmail.com> wrote:
>
> > its actually blank. I mean, i dont have an allow-update. All the other
> > domains work fine though and they dont have allow-update statements.
>
> The default is that dynamic updates are not allowed.  So the "update
> denied" messages are normal if there's a client trying to perform an
> update.
>
> > Here is some of the stuff from the log that shows me the other domains
> > are working fine..
> >
> > 23-Jan-2006 12:48:49.571 notify: info: zone
> > wisdomofwellnessproject.com/IN/external: sending notifies (serial
> > 2004050801)
> > 23-Jan-2006 12:48:50.571 notify: info: client 12.45.64.7#4634: view
> > external: received notify for zone 'theborgata.org'
> > 23-Jan-2006 12:48:51.071 notify: info: client 12.45.64.7#4634: view
> > external: received notify for zone 'braithwaiteart.com'
> > 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> > view external: transfer of 'grinn.net/IN': AXFR-style IXFR started
> > 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> > view external: transfer of 'grinn.net/IN': AXFR-style IXFR ended
>
> There aren't any update attempts in those messages.

I think this goes back to the difference between updates and
transfers. I need to do some reading. Thanks

>
> > now i'm completely lost actually. I see these logs on NS1... how is it
> > receiving notifies? I also just noticed this...
>
> Notifies have nothing to do with dynamic updates.  Notifies are sent by
> a master server to the slave servers, to tell them that you've reloaded
> the zone and they should perform a zone transfer.  Updates are sent by
> individual PC's or servers like Active Directory, to add or delete
> individual records in your zones on the fly.
>
> >
> > 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> > view external: transfer of 'goatinatree.com/IN': AXFR started
> > 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> > view external: transfer of 'goatinatree.com/IN': AXFR ended
> > 26-Jan-2006 23:01:23.040 update-security: error: client
> > 12.45.64.7#1031: view external: update 'goatinatree.com/IN' denied
> >
> > So I must be wrong, they must be for different things, I thought the
> > error was in place of the starting and stopping of a transfer.
>
> Yes, they're different things.  The "denied" message means that some
> random machine 12.45.64.7 is trying to modify something in the
> goatinatree.com domain.  It could be a PC that just got its address
> using DHCP, and is trying to create a DNS entry for itself.

The weird thing to me is tha NS1 is 12.45.64.7 and so that would mean
that the machine itself is trying to change something. The wayI have
it setup is that the DNS server for this network adaptor is 127.0.0.1
so maybe I have something set in there that is making the nic think it
needs to register in DNS. I'll check that thanks.

>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
>
>

More information about the bind-users mailing list