meaning of "update forwarding xxx denied"?

Kevin Darcy kcd at chrysler.com
Fri Aug 29 00:59:37 UTC 2008


What I mean is, the Dynamic Update might have been sent to a slave 
because the client failed over after trying to update the primary master.

This was in response to "... mainly used in a stealth master 
configuration". Sometimes it's a failover scenario instead of intended 
behavior.

                                                                         
            - Kevin

Mark Andrews wrote:
>> It can also happen if the primary master is unavailable or the update 
>> merely times out.
>>     
>
> 	No.  The message is a result of ACL processing.
>                                                                           
>   
>>          - Kevin
>>
>> Ben Croswell wrote:
>>     
>>> Update forwarding, as I understand it, is mainly used in a stealth master
>>> configuration. Rather than have DDNS updates go to the stealth master it
>>> goes to a given DNS server and then that server is configured to forward the
>>> updates to the stealth master.  That way the general populace doesn't need
>>> to talk to your stealth master.
>>>
>>> On Thu, Aug 28, 2008 at 7:11 PM, Mike Diggins <diggins at mcmaster.ca> wrote:
>>>
>>>   
>>>       
>>>> I updated my secondary name server from BIND 9.3.5P1 to 9.4.2P2 (Solaris)
>>>> earlier this week without any problems. Today I updated the primary. All
>>>> is working, but I'm now logging these messages:
>>>>
>>>>        Aug 28 19:04:11 ns1 named[12157]: [ID 873579 local4.error] client
>>>>        172.26.20.34#53281: update forwarding 'xxx.mcmaster.ca/IN' denied
>>>>
>>>> This was not happening prior to the upgrade. I assume this is an attempted
>>>> dynamic update? I'm not sure what the 'forwarding' part means. I also
>>>> don't know why it's now logging these messages, when I have:
>>>>
>>>>                category "update" { "null"; };
>>>>         
>
> 	Did you read CHANGES?
>
> 1301.   [func]          New category 'update-security'.
>
>   
>>>> in my named.conf. This used to suppress these messages (failed dynamic
>>>> updates anyway) - or is this something different? And why don't I see any
>>>> of these messages logged on the secondary?
>>>>
>>>> BTW, we don't allow any sort of dynamic updates, but I understand that
>>>> Windows likes to try anyway. Some clarification would be appreciated.
>>>>
>>>> -Mike
>>>>
>>     
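
Since the thread is about working out who is sending the denied updates, here is a small log triage script, added as an example and not part of the original thread. It parses the "update forwarding '...' denied" message format quoted above and counts denials per client. The sample lines, addresses and zone name are constructed, and the plain "update '...' denied" variant is an assumption modelled on the quoted line.

```python
import re
from collections import Counter, defaultdict

# Message body as logged in the post; the syslog prefix before "client" is
# skipped. The "forwarding " part is optional (assumption, see lead-in).
DENIED = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"update (?P<fwd>forwarding )?'(?P<zone>[^'/]+)/(?P<cls>\w+)' denied"
)

# Constructed sample lines (documentation addresses, example zone).
SAMPLE = """\
Aug 28 19:04:11 ns1 named[12157]: [ID 873579 local4.error] client 192.0.2.34#53281: update forwarding 'example.com/IN' denied
Aug 28 19:04:12 ns1 named[12157]: [ID 873579 local4.error] client 192.0.2.34#53282: update forwarding 'example.com/IN' denied
Aug 28 19:05:40 ns1 named[12157]: [ID 873579 local4.error] client 192.0.2.77#49152: update 'example.com/IN' denied
Aug 28 19:06:02 ns1 named[12157]: [ID 873579 local4.info] zone example.com/IN: sending notifies (serial 2008082801)
"""


def parse_denied(line):
    """Return a dict for a denied-update line, or None for any other line."""
    m = DENIED.search(line)
    if m is None:
        return None
    kind = "update-forwarding" if m.group("fwd") else "update"
    return {"client": m.group("ip"), "port": int(m.group("port")),
            "kind": kind, "zone": m.group("zone"), "class": m.group("cls")}


def summarize(lines):
    """Count denials per client, keyed by (kind, zone)."""
    per_client = defaultdict(Counter)
    for line in lines:
        rec = parse_denied(line)
        if rec is not None:
            per_client[rec["client"]][(rec["kind"], rec["zone"])] += 1
    return {client: dict(counts) for client, counts in per_client.items()}


if __name__ == "__main__":
    # One row per client, kind and zone, with the number of denials seen.
    for client, counts in sorted(summarize(SAMPLE.splitlines()).items()):
        for (kind, zone), n in sorted(counts.items()):
            print(f"{client:15} {kind:17} {zone:20} {n}")
```
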


