meaning of "update forwarding xxx denied"?

Mike Diggins diggins at McMaster.CA
Fri Aug 29 00:31:31 UTC 2008 

ok, I suppose that's what I have, a stealth master. My master is hidden 
and only feeds the two slaves (what I called my primary and secondary). My 
clients don't (can't) talk directly to the master. So assuming this is 
expected behavior, can I somehow turn this off at the server end or 
disable the logging of that message through the BIND configuration? What 
changed in BIND 9.4 that I'm now seeing this? I should add that it's 
impossible to stop my clients from trying to dynamic update.

-Mike


On Thu, 28 Aug 2008, Ben Croswell wrote:

> Update forwarding, as I understand it, is mainly used in a stealth master
> configuration. Rather than have DDNS updates go to the stealth master it
> goes a given DNS server and then that server is configured to forward the
> updates to the stealth master.  That way the general populace doesn't need
> to talk to your stealth master.
>
> On Thu, Aug 28, 2008 at 7:11 PM, Mike Diggins <diggins at mcmaster.ca> wrote:
>
>>
>> I updated my secondary name server from BIND 9.3.5P1 to 9.4.2P2 (Solaris)
>> earlier this week without any problems. Today I updated the primary. All
>> is working, but I'm now logging these messages:
>>
>>        Aug 28 19:04:11 ns1 named[12157]: [ID 873579 local4.error] client
>>        172.26.20.34#53281: update forwarding 'xxx.mcmaster.ca/IN' denied
>>
>> This was not happening prior to the upgrade. I assume this an attempted
>> dynamic update? I'm not sure what the 'forwarding' part means. I also
>> don't know why it's now logging these messages, when I have:
>>
>>                category "update" { "null"; };
>>
>> in my named.conf. This used to suppress these messages (failed dynamic
>> updated anyway) - or is this something different? Any why don't I see any
>> of these messages logged on the secondary?
>>
>> BTW, we don't allow any sort of dynamic updates, but I understand that
>> Windows likes to try anyway. Some clarification would be appreciated.
>>
>> -Mike
>>
>>
>>
>>
>
>
> -- 
> -Ben Croswell
>
>
>
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.528.3773
University Technology Services 		E-Mail: diggins at mcmaster.ca
McMaster University, Hamilton, Ontario

More information about the bind-users mailing list