BIND: "denied update from ..."

Posted on 2003-02-28
Medium Priority
Last Modified: 2013-12-23

I have several domains hosted on my nameservers (BIND 8.x). Everything works fine, except that for one of those domains I have following records in my logfiles (both, on master and on slave):

On master:  >>>>>>>>>>>>>
Feb 28 10:53:35 nsmaster named[76]: denied update from [s.la.ve.ip].2752 for "mydomain.net" IN
Feb 28 10:53:43 nsmaster named[76]: denied update from [s.la.ve.ip].2758 for "mydomain.net" IN

On slave: >>>>>>>>>>>>>
Feb 28 11:05:14 nsslave named[94]: denied update from [s.la.ve.ip].2759 for "mydomain.net" IN

Weird, that these messages are only for one domain and in the same time DNS database changes are transfered from master to slave.

Any ideas?
Question by:shifted
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8049491
looks like some windows xp systems are trying register themselves on your dns servers.  this is default behaviour for them and it can be disabled.

Expert Comment

ID: 8052609
More a question than an answer, but is [s.la.ve.ip] the name of your slave DNS server? Do you run DHCP on it? Apart from windows and MacOSs, this is the other service which could try to update dns entries. Basically who is s.la.ve.ip?

According to RFC2136 (section 4.4 4.6 and 6, from what I gathered glancing over the rfc), slaves are supposed to forward updates to their master. Hence the duplicate, I suppose.

Author Comment

ID: 8055485
Yes, slave in this case runs although a DHCP server. But the log entry is only for one domain, but on those servers there are several domains.

However, is it possible to turn off this slave desire to forward such updates?
7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.


Accepted Solution

Jaem earned 300 total points
ID: 8058054
Looking at bind 8 configuration doc, by default dynamic DNS updates are disabled on slave and masters. In bind9 there is an option allow-update-forwarding, but it is missing in bind 8. Do I get this right?
nsmaster : Master DNS server
nsslave [s.la.ve.ip] : Slave DNS server and DHCP server
*.mydomain.net : some distant network.

Then the question is what is the link between the DHCP server on nsslave and *.mydomain.net. And are there any lines 'ddns-<somthing>' lines in your dhcpd.conf? Note that dhcpd.conf man page gives a recipe to increase the logging of Bind. Might be useful to get more info:

insert in /etc/named.conf:
logging {
  channel update_debug {
     file "/var/log/update_debug";
     severity dynamic;
     print-severity yes;
     print-time yes; };
  category update { update_debug; };
and "touch /var/log/update_debug" to create the file.

Expert Comment

ID: 8523390
it's the server authoritative indeed ?

Expert Comment

ID: 9157084
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Make the most of your online learning experience.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question