Logging Options / Setting Question.

Jack Sasportas jack at innovativeinternet.com
Tue Mar 26 18:51:29 UTC 2002 

I understand why we get the message, and on the windows side and how to
correct the message, my problem is getting bind to tell me what domain
the ip number is trying to update ( not necesarily the reverse of that
ip )
In my example I showed the bind 8 message -vs- bind 9 and it is much
more informative.

Any ideas on setting that logging option are greatly appreciated!

Thanks !

Barry Finkel wrote:
> 
> Jack Sasportas <jack at innovativeinternet.com> wrote:
> 
> >In versions of bind 8 when someone's winblows box used to try and update
> >our DNS server it would tell us the domain name in the log file the via
> >following message:
> >
> > denied update from [66.203.135.130].1316 for theirdomainname.com
> >
> >but under 9 I only get
> >
> >Mar 22 09:18:32 neptune named[3559]: client 208.244.172.139#3401: update
> >denied
> >Mar 22 09:19:21 neptune named[3559]: client 216.151.109.210#14242:
> >update denied
> >
> >Also something which my not be related is
> >
> >Mar 22 09:18:31 neptune named[3559]: dynamic update failed: 'RRset
> >exists (value dependent)' prerequisite not satisfied (NXRRSET)
> >
> >
> >So my question is 2 fold, 1 are the 2 messages related ?
> >and 2 how can I get the logging to provide me that extra information so
> >that we can tell the people to change their Win2K settings?
> 
> For the second message, see RFC 2136 (DDNS) for a description of
> NXRRSET.  Essentially, a pre-req to a DDNS update was not satisfied,
> so the DDNS update did not take place.
> 
> As for changing the W2k settings, all you need is in the messages.
> The IP address of the machine that sent the DDNS packet is in the
> error message.  It is that machine that needs the TCP/IP properties
> changed.
> 
>     Self-registration is set by default in Windows 2000; it can be
>     turned off via:
> 
>          Start
>               Settings
>                     Network and Dialup
>                           Local Area
>                                 Properties
>                                      Adapter
>                                           Protocols
>                                                TCP/IP
>                                                     Advanced
>                                                          DNS
>          The "Register this name" box should NOT be checked.
>          With SP1 you do not need to reboot to have this setting
>          take effect.
> 
>     If self-registration fails, then subsequent attempts are made at
>     these intervals - 5 minutes, 10 minutes, 60 minutes, 5 minutes, ...
>     If self-registration succeeds, then self-registration will again be
>     attempted in 24 hours (I believe), as MS for some reason does not
>     expect that the registration will remain in DNS.
> 
>     MS article Q294832 describes how to disable DDNS globally.  Note
>     that the global disabling works only on new computers in the Windows
>     2000 domain; existing computers that have DDNS enabled will not be
>     affected by this global disabling.
> 
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994

-- 
___________________________________________________________
Jack Sasportas
Innovative Internet Solutions 
Phone 305.665.2500	
Fax 305.665.2551	
www.innovativeinternet.com
www.web56.net

More information about the bind-users mailing list