Why ? denied update from [61.142.41.96].2697 for "proulx.com" IN

Bob Proulx bob at proulx.com
Sun Jun 23 20:44:24 UTC 2002


> Could be malicious, or they could be a network of W2K machines
> which have used your domain name by accident.  With two adjacent
> class C networks I'd bet on incompetence first before
> conspiracy. 

I am favoring accident and incompetence.  However that is a pretty odd
accident.  But given enough domain names and enough lusers the
statistical anomaly is less and less an anomaly.

> Another approach if you don't use Dynamic DNS on the Internet

No dynamic dns here.

> side would be to change your SOA record so the primary name
> server reported to them maps to a different address (not

I saw that mentioned in another posting.  But frankly I did not
understand it.  If I redirect the name servers off into space that
would break others that are accessing my domain.  I am sure I am
completely misunderstanding the concept here.

> joseki). Which will save you the bandwidth, not that I'm averse
> to stopping inappropriate traffic at the firewall as well.

It is also odd that only one of the two name servers is seeing this.
They have locked into joseki but not the others.  Sounds like a w2k
misfeature.

> Your surname doesn't mean something in Chinese does it?

Not that I am aware of.  It is French.  My family came to the US
through Canada.

Here is a point that I read from your message that I did not know
before.  If a ms-w2k machine is set to a domain name such as at the
DHCP server then by default when it uses DHCP to gain an address it
will try to use Dynamic DNS to update the nameserver for that domain
with its new address?  And therefore a likely case is that someone has
set up a w2k network with a DHCP server and set the domain name the
same as served by my servers.  At every boot they try to do a Dynamic
DNS update as configured by w2k by default.  They probably think they
are on a private lan without repercussions beyond their own local
network.  They may even have been and just recently attached to the
global Internet.  That is a very useful insight into this problem.  It
explains the root cause of the problem.  Thank you very much for that.

Thanks
Bob
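
One way to test the misconfigured-network explanation discussed in this thread against the name server's log, as an added example that is not part of the original post: it parses lines in the format quoted in the subject line and groups denied updates by zone and source /24. The syslog prefix, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Message format as quoted in the subject line of this thread:
#   denied update from [61.142.41.96].2697 for "proulx.com" IN
DENIED = re.compile(
    r'denied update from \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\.(?P<port>\d+) '
    r'for "(?P<zone>[^"]+)" (?P<cls>\S+)'
)

# Constructed sample input. Only the first address comes from the page; the
# syslog prefix is an assumption and the rest are documentation ranges.
SAMPLE_LOG = """\
Jun 23 20:01:02 joseki named[312]: denied update from [61.142.41.96].2697 for "proulx.com" IN
Jun 23 20:01:09 joseki named[312]: denied update from [192.0.2.17].1045 for "proulx.com" IN
Jun 23 20:31:40 joseki named[312]: denied update from [192.0.2.17].1046 for "proulx.com" IN
Jun 23 20:32:11 joseki named[312]: denied update from [192.0.2.40].1102 for "Proulx.com" IN
Jun 23 20:40:00 joseki named[312]: denied update from [198.51.100.8].3310 for "example.org" IN
Jun 23 20:41:00 joseki named[312]: denied update from [300.1.2.3].99 for "proulx.com" IN
Jun 23 20:45:00 joseki named[312]: unrelated message (constructed)
"""

def summarize(log_text):
    """Count denied dynamic updates per (zone, source /24)."""
    hosts = defaultdict(set)
    attempts = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-update line
        try:
            net = ip_network(m["ip"] + "/24", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        key = (m["zone"].lower(), str(net))  # zone names are case-insensitive
        hosts[key].add(m["ip"])
        attempts[key] += 1
    return {k: {"attempts": attempts[k], "hosts": len(hosts[k])} for k in attempts}

def noisy_networks(summary, min_hosts=2):
    """Networks where several distinct hosts try to update the same zone."""
    return sorted(k for k, v in summary.items() if v["hosts"] >= min_hosts)

if __name__ == "__main__":
    for (zone, net), v in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{zone:15} {net:18} attempts={v['attempts']} hosts={v['hosts']}")
```

Several distinct hosts in one /24 retrying against the same zone fits the DHCP-configured-domain explanation better than a single source does.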


More information about the bind-users mailing list