Denied update
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Mon Sep 9 21:52:28 UTC 2002
Lisa Casey <lisa at jellico.net> wrote:
> Hi,
> Sorry about my earlier two posts. My computer was misbehaving.
> I fixed that... .
> I have a problem which I can't seem to resolve by going to the bat book, so
> I'm hoping to get some help here. I'm running BIND 8.2.5-REL.
> We're hosting a virtual domain for a customer. He is running a Windows NT
> (or 2000, not entirely sure which) server at his office. He has begun
> running either a DNS server on that machine or a DHCP server (again, I'm not
> sure if he is running one or the other or both). I'm seeing the following in
> my logs:
> Sep 8 21:09:04 i2000 named[107]: denied update from [216.170.250.164].2171
> for "oregansinc.com" IN
> Now if he is trying to pull the zone file for his domain from my DNS server,
> that's fine with me. I thought (from the reading I've done) that Bind 8
> would allow zone transfers to anyone unless they were specifically denied.
> But, since I was seeing this message in my log, I edited /etc/named.conf as
> so:
> zone "oregansinc.com" {
> type master;
> file "M/oregansinc.com.db";
> allow-transfer { 208.254.209.226; 65.207.130.4; };
> };
> I'm still getting the same stuff in the logs though. You think maybe he's
> trying to do something with DHCP and not dns? Would that produce the same
> log message?
Your client has "upgraded" to w2k / XP, both assumes that sending
dns update packets is an appropiate behaviour.
It can be removed by editing the registry. It's not your problem,
and it will most likley not affect your DNS server ( except for filling
your logs) as long as you dont permit him to actually update.
> Thanks,
> Lisa Casey, Webmaster
> Netlink 2000, Inc.
> lisa at jellico.net
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list