Security Error

Barry Margolin barmar at alum.mit.edu
Sat Jan 28 06:02:17 UTC 2006


In article <drcdiv$i2k$1 at sf1.isc.org>,
 Josh Hyles <josh.maillists at gmail.com> wrote:

> It's actually blank. I mean, I don't have an allow-update. All the other
> domains work fine though and they don't have allow-update statements.

The default is that dynamic updates are not allowed.  So the "update 
denied" messages are normal if there's a client trying to perform an 
update.

> Here is some of the stuff from the log that shows me the other domains
> are working fine..
> 
> 23-Jan-2006 12:48:49.571 notify: info: zone
> wisdomofwellnessproject.com/IN/external: sending notifies (serial
> 2004050801)
> 23-Jan-2006 12:48:50.571 notify: info: client 12.45.64.7#4634: view
> external: received notify for zone 'theborgata.org'
> 23-Jan-2006 12:48:51.071 notify: info: client 12.45.64.7#4634: view
> external: received notify for zone 'braithwaiteart.com'
> 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> view external: transfer of 'grinn.net/IN': AXFR-style IXFR started
> 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> view external: transfer of 'grinn.net/IN': AXFR-style IXFR ended

There aren't any update attempts in those messages.

> Now I'm completely lost actually. I see these logs on NS1... how is it
> receiving notifies? I also just noticed this...

Notifies have nothing to do with dynamic updates.  Notifies are sent by 
a master server to the slave servers, to tell them that you've reloaded 
the zone and they should perform a zone transfer.  Updates are sent by 
individual PCs or servers like Active Directory, to add or delete 
individual records in your zones on the fly.

> 
> 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> view external: transfer of 'goatinatree.com/IN': AXFR started
> 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> view external: transfer of 'goatinatree.com/IN': AXFR ended
> 26-Jan-2006 23:01:23.040 update-security: error: client
> 12.45.64.7#1031: view external: update 'goatinatree.com/IN' denied
> 
> So I must be wrong, they must be for different things, I thought the
> error was in place of the starting and stopping of a transfer.

Yes, they're different things.  The "denied" message means that some 
random machine 12.45.64.7 is trying to modify something in the 
goatinatree.com domain.  It could be a PC that just got its address 
using DHCP, and is trying to create a DNS entry for itself.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
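
An added example, not part of the original post or of BIND: a short Python script that separates the log categories discussed above (notify, xfer-out, update-security) and counts denied dynamic updates per client and zone. The sample lines are constructed by unwrapping entries quoted in the thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: log entries quoted in the thread, unwrapped to one line each.
SAMPLE_LOG = """\
23-Jan-2006 12:48:49.571 notify: info: zone wisdomofwellnessproject.com/IN/external: sending notifies (serial 2004050801)
23-Jan-2006 12:48:50.571 notify: info: client 12.45.64.7#4634: view external: received notify for zone 'theborgata.org'
26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832: view external: transfer of 'goatinatree.com/IN': AXFR started
26-Jan-2006 23:01:23.040 update-security: error: client 12.45.64.7#1031: view external: update 'goatinatree.com/IN' denied
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$")
CLIENT_RE = re.compile(r"client (?P<ip>[^#\s]+)#(?P<port>\d+)")
DENIED_RE = re.compile(r"update '(?P<zone>[^']+)' denied")


def parse_line(line):
    """Split one log line into timestamp, category, severity, message, client IP."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    client = CLIENT_RE.search(event["msg"])
    event["client"] = client.group("ip") if client else None
    return event


def category_counts(text):
    """Count events per logging category, so notifies, transfers and updates stay apart."""
    events = filter(None, map(parse_line, text.splitlines()))
    return Counter(e["category"] for e in events)


def denied_updates(text):
    """Count denied dynamic updates per (client IP, zone)."""
    hits = Counter()
    for event in filter(None, map(parse_line, text.splitlines())):
        if event["category"] != "update-security":
            continue  # notify and xfer-out lines are not update attempts
        denied = DENIED_RE.search(event["msg"])
        if denied and event["client"]:
            hits[(event["client"], denied.group("zone"))] += 1
    return hits


if __name__ == "__main__":
    print(dict(category_counts(SAMPLE_LOG)))
    for (ip, zone), n in denied_updates(SAMPLE_LOG).items():
        print(f"{ip} was denied {n} update(s) to {zone}")
```

A client that shows up repeatedly in the denied count for a zone with no allow-update statement is usually a host attempting self-registration, as described in the reply above.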


