Date:      Sun, 14 Oct 2001 00:25:00 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Kory Hamzeh <kory@avatar.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Repeating message from bind
Message-ID:  <20011014002500.B321@blossom.cjclark.org>
In-Reply-To: <000001c1545e$4fd4f520$14ce21c7@avatar.com>; from kory@avatar.com on Sat, Oct 13, 2001 at 08:14:18PM -0700
References:  <000001c1545e$4fd4f520$14ce21c7@avatar.com>

On Sat, Oct 13, 2001 at 08:14:18PM -0700, Kory Hamzeh wrote:
> 
> When I upgraded one of our servers from FBSD 2.2.2 to RELEASE-4.3, I get the
> following message from bind every 10 to 20 seconds with the source port
> increasing:
> 
> Oct 11 22:18:49 ns1 named[205]: denied update from [24.2.30.138].13046 for
> "avatar.com"
> 
> "avatar.com" is our domain. 24.2.30.138 seems to be a part of the home.com
> domain, but they are not my ISP. The interesting thing is that one of my
> secondaries is a part of home.com, but he doesn't have any problems doing
> zone transfers.
> 
> What does this message mean and how do I go about dealing with this? It is
> filling up the log files. I'm running named 8.2.3-REL.

IIRC, this sounds like some fun new behavior from our friends in
Redmond and their Windows 2000 product.

As for stopping it, there is not a whole lot you can do to actually
stop the remote machine from doing this. I see three obvious
possibilities. You can allow the updates, but since you don't seem to
know who this is, you probably do not want to do that. You can
firewall that machine and port, but you need to put a firewall machine
in between or enable firewalling on the DNS machine. Or you can fiddle
with syslog.conf(5).

Personally, I would try to find out who this 24.2.30.138 is (it might
be someone who has configured their machine to think it belongs in
avatar.com for some legit or semi-legit reason and just needs help
properly configuring their machine), and just live with the annoying
logs (fgrep -v 'denied update from [24.2.30.138]' /var/log/named.log).
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
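
The triage step suggested in the reply above (find out who is sending the updates before choosing between allowing, firewalling or filtering them), as an added example that is not part of the original message. It assumes the one-line syslog format quoted in the thread; the function names and the 192.0.2.x sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Summarises BIND 8
# "denied update" syslog lines per source address and zone.

# Constructed sample input in the format quoted in the thread
# (192.0.2.x are documentation addresses, assumed for illustration).
sample_log() {
    cat <<'EOF'
Oct 11 22:18:49 ns1 named[205]: denied update from [24.2.30.138].13046 for "avatar.com"
Oct 11 22:19:04 ns1 named[205]: denied update from [24.2.30.138].13047 for "avatar.com"
Oct 11 22:19:21 ns1 named[205]: denied update from [24.2.30.138].13048 for "avatar.com"
Oct 11 22:19:30 ns1 named[205]: approved AXFR from [192.0.2.53].1042 for "avatar.com"
Oct 11 22:20:02 ns1 named[205]: denied update from [192.0.2.77].1029 for "avatar.com"
EOF
}

# Reads syslog lines from the files given as arguments, or from stdin.
# Output, tab separated, busiest source first:
#   count, "ip zone", distinct source ports, first seen, last seen
summarize_denied_updates() {
    awk '
    / named\[[0-9]+\]: denied update from \[/ {
        # $1-$3 timestamp, $9 "[ip].port", $11 quoted zone name
        ts = $1 " " $2 " " $3
        ip = $9;    sub(/^\[/, "", ip); sub(/\]\..*$/, "", ip)
        port = $9;  sub(/^.*\]\./, "", port)
        zone = $11; gsub(/"/, "", zone)
        key = ip " " zone
        count[key]++
        if (!(key in first)) first[key] = ts
        last[key] = ts
        if (!((key, port) in seen)) { seen[key, port] = 1; ports[key]++ }
    }
    END {
        for (k in count)
            printf "%d\t%s\t%d\t%s\t%s\n", count[k], k, ports[k], first[k], last[k]
    }' "$@" | LC_ALL=C sort -rn
}

# Demo on the constructed sample; on a real server pass the log file instead.
sample_log | summarize_denied_updates
```

A source whose distinct-port count tracks its request count at a steady interval matches the repeating pattern described in the question, and the first and last timestamps show how long it has been going on.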
