How to stop unauthorized Dynamic Updates.

Steven Job lists at winnie.tiggee.com
Sun Feb 16 01:34:00 UTC 2003


My nameserver is getting bombarded with unauthorized dynamic updates,
all of which are refused, but they are still polluting my logs.
Most of them come from Windows 2000 machines, always trying to take
over the world.

To prevent this constant hit of requests I was told to change the MNAME 
field in the SOA record to "localhost" (no trailing dot) and then also 
have an A record for "localhost" (no trailing dot) pointing at 
127.0.0.1, and the traffic magically stops (coming to you anyway). 

E.g., domain.com zone file: 

$TTL 28800
@  IN SOA    localhost  hostmaster.domain.com.  1 7200 3600 604800 600
      NS     ns1.domain.com.
      NS     ns2.domain.com.

localhost    A    127.0.0.1
    {other RR sets}

Is this a valid solution?  I know it works but it doesn't seem to be morally
correct as it's supposed to hold the main (primary) authoritative server.

Will this cause problems later on?

Thanks for any help,
-Steve
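
The following is an added example, not part of the original post. Dynamic-update clients locate the server to update from the SOA MNAME field (RFC 2136), so this sketch traces where an update for the posted zone would be sent. The origin "domain.com." is taken from the post; the simplified parser and the function names are assumptions made for illustration.

```python
# Added illustration: trace where a dynamic-update client would send its UPDATE.
# ZONE is the zone file quoted in the post, without the "{other RR sets}" placeholder.
ZONE = """\
$TTL 28800
@  IN SOA    localhost  hostmaster.domain.com.  1 7200 3600 604800 600
      NS     ns1.domain.com.
      NS     ns2.domain.com.

localhost    A    127.0.0.1
"""

TYPES = {"SOA", "NS", "A"}  # only the record types this example needs


def qualify(name, origin):
    """Zone-file rule: '@' is the origin; no trailing dot means relative to it."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def parse_zone(text, origin):
    """Simplified parser (hypothetical helper): returns (owner, type, rdata) tuples."""
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():  # an owner name is present only in column 1
            owner = qualify(fields.pop(0), origin)
        while fields and fields[0] not in TYPES:  # skip class and TTL tokens
            fields.pop(0)
        if fields:
            records.append((owner, fields[0], fields[1:]))
    return records


def update_target(text, origin):
    """Return the qualified MNAME, its in-zone A records, and whether it is an NS."""
    records = parse_zone(text, origin)
    mname = next(qualify(r[2][0], origin) for r in records
                 if r[0] == origin and r[1] == "SOA")
    addresses = [r[2][0] for r in records if r[0] == mname and r[1] == "A"]
    ns_names = {qualify(r[2][0], origin) for r in records if r[1] == "NS"}
    return {"mname": mname, "addresses": addresses, "mname_in_ns": mname in ns_names}


if __name__ == "__main__":
    print(update_target(ZONE, "domain.com."))
```

Because "localhost" has no trailing dot, it expands to localhost.domain.com., which is why the zone needs its own A record for that name pointing at 127.0.0.1.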





More information about the bind-users mailing list