Logging Options / Setting Question.

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Mar 26 16:43:04 UTC 2002 

Jack Sasportas <jack at innovativeinternet.com> wrote:

>In versions of bind 8 when someone's winblows box used to try and update
>our DNS server it would tell us the domain name in the log file the via
>following message:
>
> denied update from [66.203.135.130].1316 for theirdomainname.com
>
>but under 9 I only get 
>
>Mar 22 09:18:32 neptune named[3559]: client 208.244.172.139#3401: update
>denied
>Mar 22 09:19:21 neptune named[3559]: client 216.151.109.210#14242:
>update denied
>
>Also something which my not be related is 
>
>Mar 22 09:18:31 neptune named[3559]: dynamic update failed: 'RRset
>exists (value dependent)' prerequisite not satisfied (NXRRSET)
>
>
>So my question is 2 fold, 1 are the 2 messages related ?
>and 2 how can I get the logging to provide me that extra information so
>that we can tell the people to change their Win2K settings?

For the second message, see RFC 2136 (DDNS) for a description of 
NXRRSET.  Essentially, a pre-req to a DDNS update was not satisfied,
so the DDNS update did not take place.

As for changing the W2k settings, all you need is in the messages.
The IP address of the machine that sent the DDNS packet is in the
error message.  It is that machine that needs the TCP/IP properties
changed.

    Self-registration is set by default in Windows 2000; it can be 
    turned off via:

         Start
              Settings
                    Network and Dialup
                          Local Area
                                Properties
                                     Adapter
                                          Protocols
                                               TCP/IP
                                                    Advanced
                                                         DNS
         The "Register this name" box should NOT be checked.
         With SP1 you do not need to reboot to have this setting
         take effect.

    If self-registration fails, then subsequent attempts are made at
    these intervals - 5 minutes, 10 minutes, 60 minutes, 5 minutes, ...
    If self-registration succeeds, then self-registration will again be
    attempted in 24 hours (I believe), as MS for some reason does not
    expect that the registration will remain in DNS.

    MS article Q294832 describes how to disable DDNS globally.  Note
    that the global disabling works only on new computers in the Windows
    2000 domain; existing computers that have DDNS enabled will not be
    affected by this global disabling.

----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list