Windows2000 is a Noisy Neighbor.
Delmer Harris
dharris at kcp.com
Mon Nov 6 22:24:04 UTC 2000
This is from the ISC archives, found with search string "Win2k register".
I suspect you might have better luck working with the various logging
parameters in the named.conf as there might be a combination of setting
there which would prevent logging this particular error.
A Win2k box, either workstation
or server, will by default try to register itself. You can turn off
this self-registration via
To see what options are set:
Start
Settings
Network and Dialup
Local Area
Properties
Adapter
Protocols
TCP/IP
Advanced
DNS
The "Register this name" box should NOT be checked.
If you need to uncheck the box, then you must reboot for the change
to take effect.
Once a self-registration has completed successfully, the Win2k box
will attempt another self-registration at these events (according to a
MS web page [the URL of which I will send in a subsequent posting])
every 24 hours
when the computer is rebooted
when the computer's IP configuration changes
when any plug-and-play event occurs
On our Win2k testbed, I was seeing self-registrations at these intervals
a few days after the one self-registration completed successfully:
5 minutes
10 minutes
60 minutes
5 minutes ...
I assume that the MS code expects the MS DNS "scavenger" code to be
running; that code might unregister the computer if it is off of the
network. In my testing, I allowed only ONE sef-registration to succeed;
I wanted to get a trace of the DNS update packets.
Martin McCormick <martin at dc.cis.okstate.edu> on 11/06/2000 03:27:57 PM
To: comp-protocols-dns-bind at moderators.isc.org
cc:
Subject: Windows2000 is a Noisy Neighbor.
We run bind8.2.2PL5 and our dns logs have suddenly
started to swarm on us. The problem is that every new
Windows2000 work station wants to update our dns with Heaven
knows what. We don't want to accept updates from anybody except
proper dns's.
I know this is the bind discussion group, but is there
anything I can tell our Windows2K crowd to turn off so that we
don't get swamped by messages like:
15-Oct-2000 16:22:15.208 unapproved update from
[139.78.7x.xxx].1033 for okstate.edu
15-Oct-2000 16:22:15.302 unapproved update from
[139.78.7x.xxx].1041 for 78.139.in-addr.arpa
This guy has left us 885 and counting such lines since
October 15.
At around the first of the month, I tallied all the Win2k
helpful update messages and 13 systems had generated 12,000
lines. Right now the log is 100,000 plus lines and most of that
is what I just showed you.
Windows2000 is showing up on campus like this year's flue
and I need to find a shot quickly.
It is not really hurting us from a security standpoint
because I don't accept the updates, but the messages are going to
Barry us.
Martin McCormick 405 744-7572 Stillwater, OK
OSU Center for Computing and Information services Data Communications Group
More information about the bind-users
mailing list