denied updates weirdness

Brad Knowles brad.knowles at skynet.be
Thu Jul 26 05:57:27 UTC 2001


At 8:23 PM -0500 7/25/01, Hannah O Day wrote:

>  I searched the archive, but couldn't find any answer.  I have a master and
>  a slave.  The master is configured to only accept updates from two dhcp
>  servers and from itself.

	Hopefully, they are defined to require a key, and not by IP address.

>                            Other than that  the master is completely
>  invisible to the rest of the world.   What's strange is that I see lots of
>  individuals who are using static ips and some dns servers that are only
>  supposed to do zone transfer off my slave are trying to send update to the
>  master.  Of course, the master is denying them.  But they just keep coming,
>  filling up the syslog.  Could anyone tell what's going on?

	Well, either the master is defined in the DNAME field of your 
SOA, or the DHCP servers are forwarding the updates that they are 
receiving from other machines (because the other machines think that 
the DHCP servers are the master and send their updates to them, but 
the DHCP servers know better and forward those updates to the real 
master).

	If the DHCP servers had been defined by IP address, then once 
they forwarded the updates, those would be accepted because the 
master would only be able to see that they had come from the DHCP 
servers and not the original updater.  This is why you want to make 
sure that you allow updates only by key, because in that case the key 
information from the original updater will also be forwarded, and 
that way you can detect the difference between an update that 
actually originated on the DHCP server and one that the DHCP server 
merely forwarded on.


	Basically, this is normal.  There's not anything you can do about 
it unless you fix all the clients to stop trying to update your 
servers.

-- 
Brad Knowles, <brad.knowles at skynet.be>
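The address-based versus key-based update ACLs contrasted in the reply above, as an added named.conf sketch that is not part of the original message. The zone name, file name, addresses (documentation range), key names and secret placeholders are all assumptions.

```conf
// Constructed example: every name, address and secret is a placeholder.

// Weak form (shown commented out): updates are authorised purely by
// source address, so anything arriving from, or relayed through,
// these hosts is accepted.
//
// zone "example.com" {
//     type master;
//     file "db.example.com";
//     allow-update { 192.0.2.10; 192.0.2.11; 127.0.0.1; };
// };

// Key-based form: one TSIG key per legitimate updater. An update is
// accepted only if it is signed with a listed key, whatever address
// it comes from.
// Secrets can be generated with: tsig-keygen -a hmac-sha256 <keyname>
key "dhcp1-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET-1";
};

key "dhcp2-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET-2";
};

key "master-local" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET-3";
};

zone "example.com" {
    type master;
    file "db.example.com";
    // No IP addresses here: unsigned or wrongly signed updates are
    // refused and logged, as in the original poster's syslog.
    allow-update {
        key "dhcp1-ddns";
        key "dhcp2-ddns";
        key "master-local";
    };
};
```

Using a separate key per updater means the log entry for each accepted update names the key that signed it, and a single compromised DHCP server can be cut off without rekeying the others.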
