How to stop unauthorized Dynamic Updates.

Mark_Andrews at isc.org
Sun Feb 16 06:54:13 UTC 2003


> My nameserver is getting bombarded with unauthorized dynamic updates.
> All of which are refused but still it's polluting my logs.
> Most of them from Windows 2000 machines always trying to take over the
> world.
> 
> To prevent this constant hit of requests I was told to change the MNAME 
> field in the SOA record to "localhost" (no trailing dot) and then also 
> have an A record for "localhost" (no trailing dot) pointing at 
> 127.0.0.1, and the traffic magically stops (coming to you anyway). 
> 
> E.g., domain.com zone file: 
> 
> $TTL 28800
> @  IN SOA    localhost  hostmaster.domain.com.  1 7200 3600 604800 600
>       NS     ns1.domain.com.
>       NS     ns2.domain.com.
> 
> localhost    A    127.0.0.1
>     {other RR sets}
> 
> Is this a valid solution?  I know it works but it doesn't seem to be morally
> correct as it's supposed to hold the main (primary) authoritative server.
> 
> Will this cause problems later on?
> 
> Thanks for any help,
> -Steve

	It will result in your master server receiving extra notify
	messages.  It will result in your slaves as well as the master
	receiving dynamic update requests if you decide to turn it
	on in the future.

	The real fix is to turn off the requests of the machines that
	are sending them.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
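
Added example (not part of the original thread, and not ISC code): one way to find the machines that are sending the refused updates, so they can be reconfigured as the reply suggests, is to tally the refusal lines in the name server log by client address and zone. The log lines are constructed, and the two line formats matched (a BIND 9 style "update ... denied" line and a BIND 8 style "unapproved update from" line) are assumptions to adjust to what your server actually writes.

```python
import re
from collections import Counter

# Assumed log line formats (adjust to your server's actual output):
#   BIND 9 style: client 192.0.2.10#1050: update 'domain.com/IN' denied
#   BIND 8 style: unapproved update from [192.0.2.10].1050 for domain.com
BIND9_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?update '(?P<zone>[^'/]+)/[^']*' denied"
)
BIND8_RE = re.compile(
    r"unapproved update from \[(?P<ip>[0-9A-Fa-f.:]+)\]\.\d+ for (?P<zone>\S+)"
)

# Constructed sample lines using documentation addresses; not real log data.
SAMPLE_LOG = """\
Feb 16 06:01:02 ns1 named[412]: client 192.0.2.10#1050: update 'domain.com/IN' denied
Feb 16 06:01:07 ns1 named[412]: client 192.0.2.10#1051: update 'domain.com/IN' denied
Feb 16 06:02:11 ns1 named[412]: client 192.0.2.77#3021: update 'Domain.com/IN' denied
Feb 16 06:02:40 ns1 named[412]: unapproved update from [198.51.100.5].1026 for domain.com
Feb 16 06:03:15 ns1 named[412]: client 192.0.2.10#1052: update '2.0.192.in-addr.arpa/IN' denied
Feb 16 06:03:20 ns1 named[412]: client 192.0.2.77#3022: query (cache) 'www.example.net/A/IN' denied
Feb 16 06:04:00 ns1 named[412]: zone domain.com/IN: sending notifies (serial 1)
"""

def tally_refused_updates(lines):
    """Count refused dynamic updates per (client address, zone)."""
    counts = Counter()
    for line in lines:
        m = BIND9_RE.search(line) or BIND8_RE.search(line)
        if m:
            # Zone names are case-insensitive; normalise before counting.
            zone = m.group("zone").rstrip(".").lower()
            counts[(m.group("ip"), zone)] += 1
    return counts

def top_senders(counts, limit=10):
    """Collapse the per-zone counts into the busiest client addresses."""
    per_ip = Counter()
    for (ip, _zone), n in counts.items():
        per_ip[ip] += n
    return per_ip.most_common(limit)

if __name__ == "__main__":
    counts = tally_refused_updates(SAMPLE_LOG.splitlines())
    for ip, n in top_senders(counts):
        zones = sorted(z for (i, z) in counts if i == ip)
        print(f"{n:5d}  {ip:<15}  {', '.join(zones)}")
```

The resulting list of addresses is the set of machines to reconfigure; refused queries and NOTIFY lines are deliberately not counted.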


More information about the bind-users mailing list