denied update from win2k

Kevin Darcy kcd at daimlerchrysler.com
Mon Feb 26 23:45:22 UTC 2001


Lookman Fazal wrote:

> Thanks for the advice
>
> Just to further clear my question.  The zone win2k.mycompany.com is
> exclusively for win2k machines only.
>
> You mentioned about allow-update.  What is the syntax for doing that in the db
> file?

You don't do that in the db file. You do it in the named.conf file, inside the
zone { } statement. See the named.conf documentation for details.

> In other words the errors which I am seeing on my bind server
> denied update from [135.10.10.10].1421 for "10.135.in-addr.arpa
>
> I want to allow/authorize it

Then add an allow-update to the zone { } statement for 10.135.in-addr.arpa.

But, as I pointed out earlier, not only will this put your 10.135.in-addr.arpa
zone completely at the mercy of Win2K, it means that *all* updates to
10.135.in-addr.arpa -- even for non-Win2K machines -- will need to be done via
Dynamic Update from now on. Be sure you understand the tradeoffs before you add
that allow-update...


- Kevin

> Kevin Darcy wrote:
>
> > You have delegated "win2k.mycompany.com" to some machine called
> > "test2.win2k.mycompany.com", which has an address in the 135.10.*.*
> > address range.
> >
> > This in no way authorizes any particular machine to Dynamically Update the
> > 10.135.in-addr.arpa zone.
> >
> > If you don't mind giving Win2K clients and/or Win2K DHCP servers free run
> > of your 10.135.in-addr.arpa zone, then just put an allow-update in the
> > zone definition. But think very carefully before you do this, because once
> > it's done, practically speaking you then have to make *all* updates to
> > that zone -- including updates for non-Win2K boxes, if any -- via Dynamic
> > Update. It's not possible to mix Dynamic Update and manual update in the
> > same zone reliably (short of stopping the nameserver during every manual
> > update).
> >
> > - Kevin
> >
> > Lookman Fazal wrote:
> >
> > > Hello All
> > >
> > > We have a win2k machine which has integrated dns with AD.  It uses the
> > > preferred server as my bind(8.2.3) server.
> > >
> > > In my bind, the master zone file mycompany.com.db has the following
> > > entry
> > >
> > > win2k       IN      NS      test2.win2k.mycompany.com.
> > > test2.win2k.mycompany.com.          IN      A       135.10.10.10
> > >
> > > Where win2k is the zone where all win2k machines are residing
> > >
> > > In the log files of my bind server, I see the following error messages
> > >
> > > denied update from [135.10.10.10].1421 for "10.135.in-addr.arpa
> > >
> > > --please help
> > >
> > > fazall
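
The zone { } statement discussed in the reply above, sketched as an added example; it is not text from the thread or from the BIND documentation. The acl name and the file name are assumptions, and the only address listed is the one shown in the "denied update" log line, so any other host that sends updates would have to be added to the list.

```conf
// named.conf fragment (BIND 8.2.x syntax). Added example, not from the thread.

// Hypothetical acl name. It holds the source addresses that may send
// Dynamic Updates; here only the host from the "denied update" message.
acl "win2k-updaters" {
        135.10.10.10;
};

// Broad form, shown commented out for comparison: every source address
// would be allowed to change the reverse zone.
//
// zone "10.135.in-addr.arpa" {
//         type master;
//         file "db.10.135";
//         allow-update { any; };
// };

// Narrower form: updates are accepted only from addresses in the acl.
zone "10.135.in-addr.arpa" {
        type master;
        file "db.10.135";                       // assumed file name
        allow-update { "win2k-updaters"; };
        // As the thread points out, once allow-update is in place all
        // changes to this zone should go through Dynamic Update rather
        // than manual edits of the zone file.
};
```

The address match list is checked against the source address of each update request, so requests from hosts outside the acl continue to be logged as denied.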
