BIND unappproved updates

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Tue Feb 13 21:49:13 UTC 2001 

Q: I have "unapproved update" messages.  How do I stop these.

A: This indicates that you have a old version of named with known
security flaws, see http://www.isc.org/products/BIND/bind-security.html.
If you know that this is not a problem, i.e. your vendor has shipped you
a patched version, them apply the "denied update" solution below.

Q: I have "denied update" messages.  How do I stop these.

A: These are better stopped at the source.  The following link has
instructions on how to disable dynamic updates on Windows 2000 and
MacOS 9.  http://www.domainregistry.ie/tech/dynamic-dns.html

> 
> 
> Can anyone give any helpful answers:
> 
> I have been receiving upapproved updates from a IP on concentric.net, now
> xo.com and have been unable to get them to stop.  I have emailed
> abuse at xo.com, (3X) abuse at concentric.net,postmaster at speerfulvio.com and my
> ISP has done the same. They (xo) list a telephone number to call but
> suggest not calling it.  This is BIND related because this seems to be a
> misconfigured computer and BIND is distributed widely over Internet and
> subject to misconfigured computers everywhere.  This is not the only IP
> address I get unapproved updates from.  There is a cable modem that sends
> them every so often too.  Does anyone have any idea what sort of
> misconfiguration would cause someone to update my domain of fsp.com? It
> does not look like a Win2K computer but what else does pcanywhere run on?
> 
> Thomas Kellar
> -- 
> w8twk   Freelance Systems Programming   http://www.fsp.com
> ------------------------------------------------------------------------
> Feb 12 21:54:42 fsp named[7988]: unapproved update from [208.36.84.154].7525 
> for FSP.COM
> Feb 12 21:54:48 fsp named[7988]: unapproved update from [208.36.84.154].3222 
> for FSP.COM
>  [ ....   254 lines elided here .... ]
> Feb 13 09:16:34 fsp named[7988]: unapproved update from [208.36.84.154].5587 
> for FSP.COM
> Feb 13 09:17:45 fsp named[7988]: unapproved update from [208.36.84.154].4309 
> for FSP.COM
> 
> Starting nmap V. 2.52 by fyodor at insecure.org ( www.insecure.org/nmap/ )
> Interesting ports on mail.speerfulvio.com (208.36.84.154):
> (The 1515 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 23/tcp     open        telnet                  
> 25/tcp     open        smtp                    
> 80/tcp     open        http                    
> 110/tcp    open        pop-3                   
> 5631/tcp   open        pcanywheredata          
> 
> TCP Sequence Prediction: Class=trivial time dependency
>                          Difficulty=5 (Trivial joke)
> Remote operating system guess: Cisco Catalyst 1900 switch or Netopia DSL/ISDN
>  router or Bay 450
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 21 seconds
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list