BIND: "denied update from ..."


I have several domains hosted on my nameservers (BIND 8.x). Everything works fine, except that for one of those domains I have following records in my logfiles (both, on master and on slave):

On master:  >>>>>>>>>>>>>
Feb 28 10:53:35 nsmaster named[76]: denied update from [].2752 for "" IN
Feb 28 10:53:43 nsmaster named[76]: denied update from [].2758 for "" IN

On slave: >>>>>>>>>>>>>
Feb 28 11:05:14 nsslave named[94]: denied update from [].2759 for "" IN

Weird, that these messages are only for one domain and in the same time DNS database changes are transfered from master to slave.

Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

looks like some windows xp systems are trying register themselves on your dns servers.  this is default behaviour for them and it can be disabled.
More a question than an answer, but is [] the name of your slave DNS server? Do you run DHCP on it? Apart from windows and MacOSs, this is the other service which could try to update dns entries. Basically who is

According to RFC2136 (section 4.4 4.6 and 6, from what I gathered glancing over the rfc), slaves are supposed to forward updates to their master. Hence the duplicate, I suppose.
shiftedAuthor Commented:
Yes, slave in this case runs although a DHCP server. But the log entry is only for one domain, but on those servers there are several domains.

However, is it possible to turn off this slave desire to forward such updates?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Looking at bind 8 configuration doc, by default dynamic DNS updates are disabled on slave and masters. In bind9 there is an option allow-update-forwarding, but it is missing in bind 8. Do I get this right?
nsmaster : Master DNS server
nsslave [] : Slave DNS server and DHCP server
* : some distant network.

Then the question is what is the link between the DHCP server on nsslave and * And are there any lines 'ddns-<somthing>' lines in your dhcpd.conf? Note that dhcpd.conf man page gives a recipe to increase the logging of Bind. Might be useful to get more info:

insert in /etc/named.conf:
logging {
  channel update_debug {
     file "/var/log/update_debug";
     severity dynamic;
     print-severity yes;
     print-time yes; };
  category update { update_debug; };
and "touch /var/log/update_debug" to create the file.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
it's the server authoritative indeed ?
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.