Logging Question
Kenneth Kalan
kgk at northwestern.edu
Wed Apr 3 15:48:43 UTC 2002
I've recently upgraded to bind 9.2.0 (was using the last version of the 4
series).
I've noticed my logs getting full of
Apr 3 09:35:29 barney named[379]: [ID 866145 local3.error] client {ip-address-of-client} 1#1474: update '{domain-name}/IN' denied
This seems to be from Win 2K machines trying to update the DNS, which they
are set to do by default (windows default, not mine), but are not allowed
to. I've searched through the archives trying to find the solution. No
one seemed to have an answer except to modify the source code and recompile.
I did, however, find this one link
http://www.acmebw.com/askmrdns/archive.php?category=83&question=603 from
ask Mr DNS.
Here is a copy:
---
> Does Dynamic DNS access a port other than the standard DNS ports?
No.
> I'd like
> to be able to block it at the router and/or firewall. My logs get filled
> with "update denied" entries and I certainly don't want any updates to be
> successful.
Change the MNAME field of your SOA record to "localhost" and include a
"localhost" in the zone that points to 127.0.0.1. That's a clever way to
make W2K (almost certainly the source) stop sending dynamic updates to your
server without having to find and reconfigure each one that is sending the
updates. And you may want to support the feature once BIND understands
W2K's GSS-TSIG flavor of signed dynamic updates.
Your only other alternative is to hide the update log messages by either
altering the BIND source code to just not log that warning and recompile,
or use a logging statement to send all messages of the category "security"
to "null".
---
So it appears that if I change the top line in my zone files, from
"ns.mydomain.com" to "localhost" and put "localhost" in the PTR of 127.0.0.1.
Am I reading this correctly? Has anyone tried this? Are there any
problems with doing this?
Thanks.
Ken
Kenneth Kalan
McCormick School of Engineering and Applied Science
Technical Support Consultant
kgk at northwestern.edu
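
Before silencing the messages or changing the SOA, it helps to know which clients are sending the refused updates and for which zones. The script below is an added example, not part of the original post or of BIND: it tallies `update ... denied` lines per client and zone, using the message format quoted in the post. The sample log lines, addresses and zone names are constructed.

```python
import re
from collections import Counter

# Message body as quoted in the post:
#   client <ip>#<port>: update '<zone>/<class>' denied
DENIED_UPDATE = re.compile(
    r"named\[\d+\]: .*?client (?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"update '(?P<zone>[^'/]+)/(?P<cls>\w+)' denied"
)

# Constructed sample input (documentation addresses, made-up zones).
SAMPLE_LOG = """\
Apr 3 09:35:29 barney named[379]: [ID 866145 local3.error] client 192.0.2.10#1474: update 'example.com/IN' denied
Apr 3 09:35:31 barney named[379]: [ID 866145 local3.error] client 192.0.2.10#1475: update 'example.com/IN' denied
Apr 3 09:36:02 barney named[379]: [ID 866145 local3.error] client 192.0.2.44#1030: update '2.0.192.in-addr.arpa/IN' denied
Apr 3 09:36:10 barney named[379]: [ID 866145 local3.info] zone example.com/IN: loaded serial 2002040301
Apr 3 09:36:40 barney sshd[812]: [ID 800047 auth.info] Accepted publickey for admin
"""


def denied_updates(lines):
    """Yield (client_ip, zone) for each refused dynamic update line."""
    for line in lines:
        match = DENIED_UPDATE.search(line)
        if match:
            yield match.group("ip"), match.group("zone")


def summarize(lines):
    """Return (per-client counts, per-(client, zone) counts)."""
    per_client, per_pair = Counter(), Counter()
    for ip, zone in denied_updates(lines):
        per_client[ip] += 1
        per_pair[(ip, zone)] += 1
    return per_client, per_pair


if __name__ == "__main__":
    clients, pairs = summarize(SAMPLE_LOG.splitlines())
    # Noisiest clients first, with the zones each one tried to update.
    for ip, count in clients.most_common():
        zones = sorted(zone for (client, zone) in pairs if client == ip)
        print(f"{ip}\t{count}\t{','.join(zones)}")
```

Running the same summary after a change shows whether the listed clients have stopped sending updates, which cannot be checked once the messages are routed to `null`.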