Getting "unapproved update from" slave servers

Guy Lancaster glanca at gesn.com
Wed Aug 25 18:14:59 UTC 1999 

  Following up on my previous post, thanks for all the
suggestions.  We do in fact have some NT boxes but they're all
(as far as I know) running NT4.0 (not NT5 Beta) and the source
of the messages seems to be the slave DNS servers running
Linux.

  However, looking at the logs of the slaves I see examples of:

Aug 25 11:13:42 ns named[256]: Err/TO getting serial# for
"4.168.192.IN-ADDR.ARPA"

that seem to correspond to the unapproved update messages on
the master.  It would appear that the master sees the serial
number requests as being updates and is refusing them but this
makes no sense.  On the master I'm also getting:

Aug 25 08:52:14 lucy named[447]:
stream_getlen([192.168.4.1].8211): Broken pipe
Aug 25 08:53:17 lucy named[447]: unapproved update from
[192.168.3.128].64446 for 3.168.192.in-addr.arpa

that correspond to the different slave servers.  Any ideas?
DNS and zone transfers seem to be working properly but these
messages bother me.  Could it be confusion between the private
and public IP's on the servers?  I'll append sample zone
records below.

         Guy
---
Guy Lancaster wrote:

>   I'm fairly new to setting up DNS servers.  I'm running
> Bind 8.2.6 on Redhat 6.0 on 3 machines.  Everything seemed
> fine for a few days and then today in the master server's
> log messages I'm getting "unapproved update from" the slave
> name servers on several zones.
>
>   I should only be getting requests for serial numbers and
> zone transfers from the slaves.  What's happening?
>
>   I am using allow-query and allow-transfer clauses in my
> named.conf files.  All of these include the addresses for
> the master server.
>

---
On the master serving 204.244.152.33 and 192.168.4.17:
zone "4.168.192.IN-ADDR.ARPA" {
        type master;
        file "db.192.168.4";
        allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
204.174.243.128/28; 208.2.66.2; };
        allow-transfer { 192.168/16; 204.244.152.32/28;
204.174.243.128/28; 208.2.66.2; };
};

On the slave serving 204.174.243.129 and 192.168.4.1:
zone "4.168.192.IN-ADDR.ARPA" {
        type slave;
        file "db.192.168.4";
        masters { 204.244.152.33; 192.168.4.17; };
        allow-query { 127.0.0.1; 192.168/16; 204.244.152.32/28;
204.174.243.128/28; 208.2.66.2; };
        allow-transfer { 192.168/16; 204.244.152.32/28;
204.174.243.128/28; 208.2.66.2; };
};
---

More information about the bind-users mailing list