Something is trying to update one of my domains...

Michelle Konzack linux4michelle at gmail.com
Sun Dec 24 12:55:38 UTC 2017


Hello Grant,

On 2017-12-23 23:32:16 Grant Taylor via bind-users hacked into the keyboard:
> On 12/23/2017 11:07 PM, Michelle Konzack wrote:
> >I have just discovered several entries of
> >
> >Dec 24 06:26:49 dns1 named[16591]: update-security: error: client
> >+37.157.109.77#2936: update 'tdnet.eu/IN' denied
> >
> >Which is really bizarre, because this is the 4G/LTE IP of my
> >ThinkPad T400 with Windows 7 Home Edition installed...
> 
> Does Windows think its FQDN is <NetBIOS name>.tdnet.eu?

I do not know.

The last three Windows versions I was using were NT 3.51, NT 4.0 and
WfW 3.11. I have absolutely no clue how Windows works today.

The only thing is that Windows has cost me this month 40€ of GSM traffic
which I was not aware of. Windows downloaded 12 GByte without any
intervention, and it also does not accept the provided Registration Key
(My ThinkPad T400 is a refurbished one and has an OEM version of Windows 7
for refurbished Computers, which is written on the M$ sticker).

> >Can someone give me a hint what is trying to update  my
> ><tdnet.eu> and only this one?
> 
> It sounds like it's trying to do a Dynamic DNS update to the MNAME
> server listed in the SOA record, namely dns1.tamay-dogan.net.

Aha, the question is: How has Windows 7 chosen tdnet.eu?

OK, the Compaq CQ58 (Debian GNU/Linux) has a local DNS which knows that
the IP address <192.168.0.202> (my Lenovo ThinkPad T400) has the name
<t400.hosts.tdnet.eu>, while the broken Compaq CQ58 has <192.168.0.201>
and <cq58.hosts.tdnet.eu>. <192.168.0.1> is the ZyXel LTE3311.

So, if Windows 7 knows about it too, it sucks if it wants to update an
already given DN.

> >In the logfiles I do not find more infos.
> 
> Run a packet sniffer on your ThinkPad and see what it's trying to
> do. If it is what I think it is, you can probably cause it to
> attempt to happen by restarting the NetLogon and / or Workstation
> service.
> 
> Note:  This is one of the reasons to use a sub-domain for office
> networks, particularly with Windows machines.

Exactly. Once my Farm-House (I have a Bio Farm in Estonia) is complete,
the local Network gets the subdomain <mma.tdnet.eu>, where I also have a
24/7 running intranet server with bind9.

I have known these problems for MANY years.

Thanks for your Help
and Merry X-Mas

-- 
Michelle Konzack        Miila ITSystems @ TDnet
GNU/Linux Developer     00372-54541400
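
Added example, not part of the original message or of BIND itself: a small Python script that tallies denied dynamic-update attempts per client and zone from `named` log lines shaped like the entry quoted above, so the host sending them can be identified before a packet capture is set up. The sample lines are constructed; `192.0.2.10`, `example.org`, the second timestamp and the `@0x...` client token (as printed by newer BIND releases) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry quoted in the message.
# 192.0.2.10 / example.org are documentation placeholders; the "@0x..."
# token is how newer BIND releases prefix the client address.
SAMPLE_LOG = """\
Dec 24 06:26:49 dns1 named[16591]: update-security: error: client 37.157.109.77#2936: update 'tdnet.eu/IN' denied
Dec 24 06:41:50 dns1 named[16591]: update-security: error: client 37.157.109.77#2951: update 'tdnet.eu/IN' denied
Dec 24 07:02:11 dns1 named[16591]: update-security: error: client @0x7f3c2c0a1b20 192.0.2.10#53124: update 'example.org/IN' denied
Dec 24 07:05:00 dns1 named[16591]: general: info: zone tdnet.eu/IN: sending notifies
"""

# Category and severity prefixes are optional because they depend on the
# print-category / print-severity settings of the logging channel.
DENIED = re.compile(
    r"named\[\d+\]: (?:update-security: )?(?:error: )?"
    r"client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: "
    r"update '(?P<zone>[^'/]+)/(?P<cls>[A-Z]+)' denied"
)


def parse_denied(line):
    """Return (client_ip, zone) for a denied dynamic update, else None."""
    m = DENIED.search(line)
    return (m.group("ip"), m.group("zone").lower()) if m else None


def summarise(log_text):
    """Count denied updates per (client, zone), most frequent first."""
    hits = Counter()
    for line in log_text.splitlines():
        pair = parse_denied(line)
        if pair:
            hits[pair] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (ip, zone), count in summarise(SAMPLE_LOG):
        print(f"{count:4d}  {ip:<15}  {zone}")
```
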