preventing "update denied" (was 9.3.1 logging)
Danny Thomas
d.thomas at its.uq.edu.au
Sun Dec 11 02:31:30 UTC 2005
At 02:04 AM 12/10/2005, Janet Dueck wrote:
> We are running 9.3.1 on solaris 9. I am seeing a lot of the
>following errors in the syslogs and would like to redirect these
>messages to a separate file.
>
>Dec 9 22:41:39 whistler named[3624]: [ID 866145 daemon.error]
>client 209.87.58.167#2878: update 'labs.surrey.sfu.ca/IN' denied
>
>Does anyone know the specific logging category for these messages?
another approach possible if your don't use Dynamic DNS anyway, is
to set zone mnames to a name without an A record. We use
uq.edu.au. 86400 IN SOA noddns.cc.uq.edu.au. ...
with
noddns.cc.uq.edu.au. 86400 IN TXT "Dynamic updates not permitted"
ActiveDirectory service sub-zones, _msdcs, _sites, _tcp, _udp, etc
are created with an mname of our master name-server.
I remeber several people recommending a similar approach in the years
since AD was released. Often the suggestion has been to use a name
resolving to localhost or some unreachable address, or even a host
that won't run a name-server, but we think it slightly cleaner having
the mname simply not resolving to an A/AAAA record.
Danny
--
d.thomas at its.uq.edu.au Danny Thomas,
+61-7-3365-8221 Software Infrastructure,
http://www.its.uq.edu.au ITS, The University of Queensland
More information about the bind-users
mailing list