mike99c
asked on
Odd Event Logs, 'update 'adomain.com/IN' denied'
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
We host 'adomain.com' we seem to be getting the above errors regularly in the Event Application Log
It looks like there is a process making a DNS request to the server. Can we block or stop the request, ideally before it gets to the event log, as it does fill it with errors.
Cheers
Mike
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
We host 'adomain.com' we seem to be getting the above errors regularly in the Event Application Log
It looks like there is a process making a DNS request to the server. Can we block or stop the request, ideally before it gets to the event log, as it does fill it with errors.
Cheers
Mike
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
Information client 83.170.31.203#2255: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information client 83.170.31.203#1791: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information client 83.170.31.203#1651: updating zone 'adomain.com/IN': update unsuccessful: pc-niknami.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Error client 83.170.31.199#1026: update 'adomain.com/IN' denied
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#1026: update 'adomain.com/IN' denied
Error client 83.170.31.199#22269: update 'adomain.com/IN' denied
Error client 83.170.31.199#22269: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
Information client 12.160.37.210#53882: notify question section contains no SOA
Error client 83.170.31.199#1136: update 'adomain.com/IN' denied
Error client 83.170.31.199#1136: update 'adomain.com/IN' denied
Error client 83.170.31.199#22260: update 'adomain.com/IN' denied
Error client 83.170.31.199#1130: update 'adomain.com/IN' denied
Error client 83.170.31.199#22266: update 'adomain.com/IN' denied
Information client 83.170.31.203#4040: updating zone 'adomain.com/IN': update unsuccessful: pc-salahmand.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Information client 83.170.31.203#4029: updating zone 'adomain.com/IN': update unsuccessful: pc-salahmand.adomain.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Error client 83.170.31.199#22263: update 'adomain.com/IN' denied
Error client 83.170.31.199#1025: update 'adomain.com/IN' denied
ASKER
Yes it is Bind, do you now how we can block the attempt, to stop it reaching the logs?
It's already being blocked. The Events are just so you know. Personally, I'd want to know rather than ignore it.
Are these machines yours? Maybe over VPN or something similar?
It's possible machines that are not yours are being attached to the network - would this be a possibility?
Are these machines yours? Maybe over VPN or something similar?
It's possible machines that are not yours are being attached to the network - would this be a possibility?
ASKER
We host the domain but we don't know who's machines they are.
They are not connected over VPN.
Not sure what they are doing, but we get these events every hour and it does fill the log.
Would be good to stop them somehow.
They are not connected over VPN.
Not sure what they are doing, but we get these events every hour and it does fill the log.
Would be good to stop them somehow.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It appears the name of the PC is "pc-nicknami" and "pc-salahmand".
It also doesn't look like an MS error - is this a BIND DNS server?