Solved

Odd Event Logs, 'update 'adomain.com/IN' denied'

Posted on 2007-11-20
Last Modified: 2011-10-03
Error             client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error             client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error             client 83.170.31.199#1025: update 'adomain.com/IN' denied

We host 'adomain.com' and we seem to be getting the above errors regularly in the Event Application Log.

It looks like there is a process making a DNS request to the server. Can we block or stop the request, ideally before it gets to the event log, as it does fill it with errors.

Cheers
Mike
Error 		client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1025: update 'adomain.com/IN' denied
Information 	client 83.170.31.203#2255: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information 	client 83.170.31.203#1791: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information 	client 83.170.31.203#1651: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Error 		client 83.170.31.199#1026: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1026: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#22269: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#22269: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1025: update 'adomain.com/IN' denied
Information 	client 12.160.37.210#53882: notify question section contains no SOA
Error 		client 83.170.31.199#1136: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1136: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#22260: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#22266: update 'adomain.com/IN' denied
Information 	client 83.170.31.203#4040: updating zone 'adomain.com/IN': update unsuccessful: pc-salahmand.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information 	client 83.170.31.203#4029: updating zone 'adomain.com/IN': update unsuccessful: pc-salahmand.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Error 		client 83.170.31.199#22263: update 'adomain.com/IN' denied
Error 		client 83.170.31.199#1025: update 'adomain.com/IN' denied

Question by:mike99c
LVL 51

Expert Comment

by:Netman66
ID: 20324777
It's telling you a non-domain computer is attempting to update a DNS record and is being denied.

It appears the names of the PCs are "pc-niknami" and "pc-salahmand".

It also doesn't look like an MS error - is this a BIND DNS server?
0
 

Author Comment

by:mike99c
ID: 20329981
Yes, it is BIND. Do you know how we can block the attempt, to stop it reaching the logs?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20330329
It's already being blocked.  The Events are just so you know.  Personally, I'd want to know rather than ignore it.

Are these machines yours?  Maybe over VPN or something similar?

It's possible machines that are not yours are being attached to the network - would this be a possibility?


0
 

Author Comment

by:mike99c
ID: 20331266
We host the domain but we don't know whose machines they are.
They are not connected over VPN.
Not sure what they are doing, but we get these events every hour and it does fill the log.
Would be good to stop them somehow.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20331322
On your firewall, block those 2 IP addresses or filter those ports out.  Right now it appears these two computers are attempting some sort of hack over multiple ports.  You should have some sort of filtering for inbound ports that are not required or an "allow" list of the few inbound that are.

Or notify the ISP that these guys are attempting to hack you.

0
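
Added example, not part of the original thread: a Python triage of the log lines posted in the question. BIND writes each client as `address#port`, where the number after `#` is the source port of the request, so the script groups rejected dynamic updates by client address and lists the hostnames the clients tried to register. The sample lines are copied from the excerpt above; the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log excerpt in the question.
SAMPLE_LOG = """\
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
Information client 83.170.31.203#2255: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information client 12.160.37.210#53882: notify question section contains no SOA
Error client 83.170.31.199#22269: update 'adomain.com/IN' denied
Information client 83.170.31.203#4040: updating zone 'adomain.com/IN': update unsuccessful: pc-salahmand.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
"""

# Log layout: "client <address>#<source port>: <message>"
CLIENT = re.compile(r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+): (?P<msg>.*)")
# Update refused by the zone's update policy.
DENIED = re.compile(r"update '(?P<zone>[^']+)' denied$")
# Update accepted for processing but its prerequisite check failed.
PREREQ = re.compile(r"updating zone '(?P<zone>[^']+)': update unsuccessful: "
                    r"(?P<name>\S+)/(?P<rtype>\w+): .*prerequisite not satisfied")


def summarize(log_text):
    """Group rejected dynamic-update attempts by client address."""
    stats = defaultdict(lambda: {"denied": 0, "prereq_failed": 0,
                                 "src_ports": set(), "names": set()})
    for line in log_text.splitlines():
        m = CLIENT.search(line.strip())
        if not m:
            continue
        denied, prereq = DENIED.match(m["msg"]), PREREQ.match(m["msg"])
        if not (denied or prereq):
            continue  # e.g. the NOTIFY line, which is not a dynamic update
        entry = stats[m["ip"]]
        entry["src_ports"].add(int(m["port"]))
        if denied:
            entry["denied"] += 1
        else:
            entry["prereq_failed"] += 1
            entry["names"].add(prereq["name"])
    return dict(stats)


if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, "denied:", e["denied"], "prereq_failed:", e["prereq_failed"],
              "source ports:", sorted(e["src_ports"]), "names:", sorted(e["names"]))
```
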
