Skip site navigation (1)Skip section navigation (2) 
Date:      15 Jan 2003 00:00:34 +0000
From:      Stacey Roberts <stacey@vickiandstacey.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: named messages in /var/log/messages
Message-ID:  <1042588833.51041.381.camel@localhost>
In-Reply-To: <20030114235015.GB22937@happy-idiot-talk.infracaninophi>
References:  <1042586630.51041.360.camel@localhost> <20030114235015.GB22937@happy-idiot-talk.infracaninophi>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Matthew

On Tue, 2003-01-14 at 23:50, Matthew Seaman wrote:
> On Tue, Jan 14, 2003 at 11:23:51PM +0000, Stacey Roberts wrote:
> > Hello,
> >      I'm running bind in a sandbox as per the handbook. I've had this
> > set up and (presumably) working okay since FreeBSD 4.6 Stable, and have
> > today noticed these named entries in /var/log/messages:
> > 
> >  named[143]: denied update from [host_IP].1268 for
> > "1.168.192.in-addr.arpa" IN
> 
> Are you running a DHCP server? On Windows 2K?

There *is* a Win2K Pro box on the network here, no DHCP Server running,
though.

> 
> This is a host trying to insert a dynamic PTR record into your DNS.
> That is usually a function of a DHCP server, and can be configured if
> desired.  If you haven't configured dynamic DNS, then it's harmless
> apart from taking up space in your log files.
> 
> W2K is notable for shipping with the dynamic DNS stuff turned on.
> It's not just you: seems a lot of W2K machines try to update records
> in the root servers too... Search for 'Syslog Errors' in
> http://www.caida.org/outreach/presentations/ietf0112/dns.damage.html
> for the depressing statistics.
> 

Okay, I've managed to track this down. VPN testing is was being done at
the time from that Win2K box to a remote site running RRAS VPN Server on
Win2K Server.

Seems that RRAS dynamically assigns IP's from a static table of
addresses to incoming connections over the VPN. And as the VPN emanates
from the same subnet locally, my DNS server was seeing that traffic. At
least that's what it would appear to be happening, given your
suggestions.

Let me know if I have this right, okay?

Thanks again for the information!

Regards,

Stacey

> 	Cheers,
> 
> 	Matthew
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1042588833.51041.381.camel>