Errors I am seeing in my named log file
Kevin Darcy
kcd at daimlerchrysler.com
Fri Apr 16 23:12:44 UTC 2004
Andrew wrote:
>Hi All,
>
>I seem to be running named correctly as a primary on my home network.
>This is done via a Redhat 7.2 machine. Couple of questions though. If
>I do an nslookup of an IP from an internal machine, let's say through
>dos, the first attempt always times out & then the second or third
>will resolve correctly. Is this normal?
>
An nslookup of _what_ IP? If it's a 192.168.*.* IP, then I'm not
surprised, since those don't -- and shouldn't -- reverse-resolve sanely
on the Internet. Since you're using private (RFC 1918) 192.168.*.*
addressing, you should have a reverse zone defined for
168.192.in-addr.arpa in order to prevent such bogus lookups from
polluting the Internet DNS infrastructure.
If you mean some other reverse lookup, then I'd need more specifics in
order to determine why you might be experiencing timeouts.
>
>Also I am seeing a few of these in my log file. The second is my
>actual router so I don't know why this is being denied...
>security: info: client 192.88.193.144#1279: query 'eziekiel.com/IN'
>denied
>security: error: client 192.168.0.1#1030: update 'eziekiel.com/IN'
>denied
>
>
>What would this machine be trying to do? Is it trying to use my DNS
>server to do resolving for it?
>
No, the second message is an *update* attempt, not a regular query. The
default in your config is to deny those. Why would your router be trying
to update your DNS? I don't really know, I could only speculate. If it
has a dynamic WAN address, maybe it's configured to try and update DNS
(with a "default" DNS domain of "eziekiel.com" configured into it)
whenever it changes (????). Or maybe the Dynamic Update you're seeing
from the router was actually the NAT'ted version of a request that came
from the Internet (????). I don't even know what kind of router you
have, so I'm really grasping at straws here...
- Kevin
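
An added example, not part of the original thread and not BIND code: a small Python triage script that separates the two kinds of denial discussed above (a refused query versus a refused dynamic update) and marks whether the client sits in RFC 1918 space. The syslog prefix, the host name `ns` and the sample lines are constructed from the two log lines quoted in the message.

```python
import ipaddress
import re
from collections import Counter

# Shape of the two lines quoted in the post:
#   security: <severity>: client <ip>#<port>: <query|update> '<name>/<class>' denied
DENIED = re.compile(
    r"security: (?P<severity>\w+): client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"(?P<op>query|update) '(?P<name>[^'/]+)/(?P<cls>\w+)' denied"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_denied(line):
    """Return a dict for a denied query/update line, or None for anything else."""
    m = DENIED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # client field was not a valid address
    scope = "internal" if any(ip in net for net in RFC1918) else "external"
    return {"client": str(ip), "port": int(m.group("port")), "op": m.group("op"),
            "name": m.group("name"), "severity": m.group("severity"),
            "kind": f"{scope}-{m.group('op')}"}

def summarize(lines):
    """Count denials per (client, operation, name), skipping unrelated lines."""
    counts = Counter()
    for line in lines:
        rec = parse_denied(line)
        if rec:
            counts[(rec["client"], rec["op"], rec["name"])] += 1
    return counts

# Constructed sample: the post's two messages on one line each, with an
# assumed syslog prefix, one repeat and one unrelated line.
SAMPLE = [
    "Apr 16 10:02:11 ns named[812]: security: info: client 192.88.193.144#1279: query 'eziekiel.com/IN' denied",
    "Apr 16 10:05:40 ns named[812]: security: error: client 192.168.0.1#1030: update 'eziekiel.com/IN' denied",
    "Apr 16 10:35:40 ns named[812]: security: error: client 192.168.0.1#1031: update 'eziekiel.com/IN' denied",
    "Apr 16 10:36:02 ns named[812]: general: info: zone eziekiel.com/IN: loaded",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Repeated `internal-update` entries from one address point at a LAN device that keeps attempting dynamic updates, which is the case the reply speculates about for the router.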