Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


BIND: "denied update from ..."

Posted on 2003-02-28
Medium Priority
Last Modified: 2013-12-23

I have several domains hosted on my nameservers (BIND 8.x). Everything works fine, except that for one of those domains I have following records in my logfiles (both, on master and on slave):

On master:  >>>>>>>>>>>>>
Feb 28 10:53:35 nsmaster named[76]: denied update from [s.la.ve.ip].2752 for "mydomain.net" IN
Feb 28 10:53:43 nsmaster named[76]: denied update from [s.la.ve.ip].2758 for "mydomain.net" IN

On slave: >>>>>>>>>>>>>
Feb 28 11:05:14 nsslave named[94]: denied update from [s.la.ve.ip].2759 for "mydomain.net" IN

Weird, that these messages are only for one domain and in the same time DNS database changes are transfered from master to slave.

Any ideas?
Question by:shifted

Expert Comment

ID: 8049491
looks like some windows xp systems are trying register themselves on your dns servers.  this is default behaviour for them and it can be disabled.

Expert Comment

ID: 8052609
More a question than an answer, but is [s.la.ve.ip] the name of your slave DNS server? Do you run DHCP on it? Apart from windows and MacOSs, this is the other service which could try to update dns entries. Basically who is s.la.ve.ip?

According to RFC2136 (section 4.4 4.6 and 6, from what I gathered glancing over the rfc), slaves are supposed to forward updates to their master. Hence the duplicate, I suppose.

Author Comment

ID: 8055485
Yes, slave in this case runs although a DHCP server. But the log entry is only for one domain, but on those servers there are several domains.

However, is it possible to turn off this slave desire to forward such updates?
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.


Accepted Solution

Jaem earned 300 total points
ID: 8058054
Looking at bind 8 configuration doc, by default dynamic DNS updates are disabled on slave and masters. In bind9 there is an option allow-update-forwarding, but it is missing in bind 8. Do I get this right?
nsmaster : Master DNS server
nsslave [s.la.ve.ip] : Slave DNS server and DHCP server
*.mydomain.net : some distant network.

Then the question is what is the link between the DHCP server on nsslave and *.mydomain.net. And are there any lines 'ddns-<somthing>' lines in your dhcpd.conf? Note that dhcpd.conf man page gives a recipe to increase the logging of Bind. Might be useful to get more info:

insert in /etc/named.conf:
logging {
  channel update_debug {
     file "/var/log/update_debug";
     severity dynamic;
     print-severity yes;
     print-time yes; };
  category update { update_debug; };
and "touch /var/log/update_debug" to create the file.

Expert Comment

ID: 8523390
it's the server authoritative indeed ?

Expert Comment

ID: 9157084
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question