Getting "unapproved update from" slave servers

Michael Voight mvoight at cisco.com
Wed Aug 25 20:28:09 UTC 1999 


Guy Lancaster wrote:
> 
>   Following up on my previous post, thanks for all the
> suggestions.  We do in fact have some NT boxes but they're all
> (as far as I know) running NT4.0 (not NT5 Beta) and the source
> of the messages seems to be the slave DNS servers running
> Linux.
> 
>   However, looking at the logs of the slaves I see examples of:
> 
> Aug 25 11:13:42 ns named[256]: Err/TO getting serial# for
> "4.168.192.IN-ADDR.ARPA"
> 
> that seem to correspond to the unapproved update messages on
> the master.  It would appear that the master sees the serial
> number requests as being updates and is refusing them but this
> makes no sense.  On the master I'm also getting:
> 
> Aug 25 08:52:14 lucy named[447]:
> stream_getlen([192.168.4.1].8211): Broken pipe
> Aug 25 08:53:17 lucy named[447]: unapproved update from
> [192.168.3.128].64446 for 3.168.192.in-addr.arpa
> 
> that correspond to the different slave servers.  Any ideas?
> DNS and zone transfers seem to be working properly but these
> messages bother me.  Could it be confusion between the private
> and public IP's on the servers?  I'll append sample zone
> records below.
> 
>          Guy
> ---
> Guy Lancaster wrote:
> 
> >   I'm fairly new to setting up DNS servers.  I'm running
> > Bind 8.2.6 on Redhat 6.0 on 3 machines.  Everything seemed
> > fine for a few days and then today in the master server's
> > log messages I'm getting "unapproved update from" the slave
> > name servers on several zones.
> >
> >   I should only be getting requests for serial numbers and
> > zone transfers from the slaves.  What's happening?
> >
> >   I am using allow-query and allow-transfer clauses in my
> > named.conf files.  All of these include the addresses for
> > the master server.
> >
> 
> ---
> On the master serving 204.244.152.33 and 192.168.4.17:
> zone "4.168.192.IN-ADDR.ARPA" {
>         type master;
>         file "db.192.168.4";
>         allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
>         allow-transfer { 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> };
> 
> On the slave serving 204.174.243.129 and 192.168.4.1:
> zone "4.168.192.IN-ADDR.ARPA" {
>         type slave;
>         file "db.192.168.4";
>         masters { 204.244.152.33; 192.168.4.17; };
>         allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
>         allow-transfer { 192.168/16; 204.244.152.32/28;
> 204.174.243.128/28; 208.2.66.2; };
> };
> ---

More information about the bind-users mailing list