Denied update

[Mark Damrose]

"Lisa Casey" <lisa at jellico.net> wrote in message
news:alio9h$228r$1 at isrv4.isc.org...
>
> Hi,
>
> Sorry about my earlier two posts. My computer was misbehaving.
> I fixed that... .
>
> I have a problem which I can't seem to resolve by going to the bat book,
so
> I'm hoping to get some help here. I'm running BIND 8.2.5-REL.
>
> We're hosting a virtual domain for a customer. He is running a Windows NT
> (or 2000, not entirely sure which) server at his office. He has begun
> running either a DNS server on that machine or a DHCP server (again, I'm
not
> sure if he is running one or the other or both). I'm seeing the following
in
> my logs:
>
> Sep  8 21:09:04 i2000 named[107]: denied update from
[216.170.250.164].2171
> for "oregansinc.com" IN
>
> Now if he is trying to pull the zone file for his domain from my DNS
server,
> that's fine with me. I thought (from the reading I've done) that Bind 8
> would allow zone transfers to anyone unless they were specifically denied.
> But, since I was seeing this message in my log, I edited /etc/named.conf
as
> so:

He's not trying to pull his zone file, he's trying to do a Dynamic DNS
update.  You do not allow Dynamic DNS updates - so it was denied.  Most
likely Win2000, which assume that all zones are run on MS servers and DDNS
is allowed.  Ask him to uncheck the box for Dynamic Updates on his server or
ignore these messages.

>
> zone "oregansinc.com" {
>         type master;
>         file "M/oregansinc.com.db";
>         allow-transfer { 208.254.209.226; 65.207.130.4; };
> };
>
> I'm still getting the same stuff in the logs though. You think maybe he's
> trying to do something with DHCP and not dns? Would that produce the same
> log message?
>
> Thanks,
>
> Lisa Casey, Webmaster
> Netlink 2000, Inc.
> lisa at jellico.net
>
>
>