Getting "unapproved update from" slave servers
Michael Voight
mvoight at cisco.com
Wed Aug 25 14:00:32 UTC 1999
Jim Reid wrote:
>
> >>>>> "Guy" == Guy Lancaster <glanca at gesn.com> writes:
>
> Guy> I'm fairly new to setting up DNS servers. I'm running Bind
> Guy> 8.2.6 on Redhat 6.0 on 3 machines. Everything seemed fine
> Guy> for a few days and then today in the master server's log
> Guy> messages I'm getting "unapproved update from" the slave name
> Guy> servers on several zones.
>
> Guy> I should only be getting requests for serial numbers and
> Guy> zone transfers from the slaves. What's happening?
>
> You've probably got some NT5-betas (W2K) boxes in your net and they're
> trying to use Dynamic DNS to register themselves. Hunt these systems
> down and get them to stop doing this. If that's not the case, somebody
> is trying to compromise the integrity of your name servers by
> attempting to change the contents of your domain(s). They're sending
> Dynamic DNS update requests which your name server is rightly refusing
> to accept.
A W2K box would not cause the master to say the slave is unapproved.
Michael
More information about the bind-users
mailing list