Security Error
Barry Margolin
barmar at alum.mit.edu
Sat Jan 28 06:02:17 UTC 2006
In article <drcdiv$i2k$1 at sf1.isc.org>,
Josh Hyles <josh.maillists at gmail.com> wrote:
> its actually blank. I mean, i dont have an allow-update. All the other
> domains work fine though and they dont have allow-update statements.
The default is that dynamic updates are not allowed. So the "update
denied" messages are normal if there's a client trying to perform an
update.
> Here is some of the stuff from the log that shows me the other domains
> are working fine..
>
> 23-Jan-2006 12:48:49.571 notify: info: zone
> wisdomofwellnessproject.com/IN/external: sending notifies (serial
> 2004050801)
> 23-Jan-2006 12:48:50.571 notify: info: client 12.45.64.7#4634: view
> external: received notify for zone 'theborgata.org'
> 23-Jan-2006 12:48:51.071 notify: info: client 12.45.64.7#4634: view
> external: received notify for zone 'braithwaiteart.com'
> 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> view external: transfer of 'grinn.net/IN': AXFR-style IXFR started
> 23-Jan-2006 12:48:51.540 xfer-out: info: client 216.117.131.89#2183:
> view external: transfer of 'grinn.net/IN': AXFR-style IXFR ended
There aren't any update attempts in those messages.
> now i'm completely lost actually. I see these logs on NS1... how is it
> receiving notifies? I also just noticed this...
Notifies have nothing to do with dynamic updates. Notifies are sent by
a master server to the slave servers, to tell them that you've reloaded
the zone and they should perform a zone transfer. Updates are sent by
individual PC's or servers like Active Directory, to add or delete
individual records in your zones on the fly.
>
> 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> view external: transfer of 'goatinatree.com/IN': AXFR started
> 26-Jan-2006 22:06:46.618 xfer-out: info: client 15.243.224.31#37832:
> view external: transfer of 'goatinatree.com/IN': AXFR ended
> 26-Jan-2006 23:01:23.040 update-security: error: client
> 12.45.64.7#1031: view external: update 'goatinatree.com/IN' denied
>
> So I must be wrong, they must be for different things, I thought the
> error was in place of the starting and stopping of a transfer.
Yes, they're different things. The "denied" message means that some
random machine 12.45.64.7 is trying to modify something in the
goatinatree.com domain. It could be a PC that just got its address
using DHCP, and is trying to create a DNS entry for itself.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list