unapproved update

Jim Reid jim at mpn.cp.philips.com
Mon Jul 5 13:02:00 UTC 1999


>>>>> "Khoo" == Khoo Boon Hing <boonhing at ncb.gov.sg> writes:

    Khoo> Hi, Need some help. I'm seeing the following messages in my
    Khoo> syslog :

    Khoo> Jul 5 18:18:45 ns named[24114]: unapproved update from [202.169.237.229].3757 for 2ndlevel.tld 
    Khoo> Jul 5 18:18:46 ns named[24114]: unapproved update from [202.169.237.229].3767 for 2ndlevel.tld

    Khoo> Any idea what could have caused this ? 

The host at 202.169.237.29 is sending Dynamic DNS update requests to
your name server and your name server (rightly) doesn't like this. The
chances are that 202.169.237.29 is some beta version of W2K. These are
by far the most common source of misdirected Dynamic DNS update
requests. Sigh.

    Khoo> I've contacted the
    Khoo> admin for network 202.169.237.0 and informed them about this
    Khoo> more than 2 weeks ago, but seems like nothing has been done
    Khoo> so far.

    Khoo> Can I do anything at my end to stop this ?

Not really. It's the host at 202.169.237.29 that's at fault. Anything
you do - like suppressing "unapproved update" messages or blocking all
access from 202.169.237.29 to your name server - will probably create
more problems for you. An even worse option is to allow 202.169.237.29
to update your DNS data. You'd have no control over what resource
records this host added or removed from your DNS zone. Your comments
suggest that network 202.169.237.0 is under the administrative control
of someone else. In that case, you should NEVER let 202.169.237.29
update your DNS: this system should not be sending update requests to
your name server in the first place.

If you're feeling vindictive, you could report this as a possible
security attack to your local Protocol Police. After all, some
unauthorised system is trying to make unapproved updates to your DNS
data. In simple terms, your name server is under attack. And you've
got no response from whoever is notionally responsible for that host.
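
An added example, not part of the original post and not BIND's own code: a small script that pulls "unapproved update" messages out of syslog and counts them per source address and zone, which gives the evidence needed when reporting the offending host. The regular expression assumes the message format quoted above; the third and fourth sample lines, the function names and the report wording are constructed for illustration.

```python
import re
from collections import defaultdict

# Format of the message quoted in the post:
#   <syslog prefix> named[PID]: unapproved update from [ADDR].PORT for ZONE
UNAPPROVED = re.compile(
    r"named\[\d+\]: unapproved update from "
    r"\[(?P<addr>[0-9a-fA-F.:]+)\]\.(?P<port>\d+) for (?P<zone>\S+)"
)

# The first two lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = """\
Jul 5 18:18:45 ns named[24114]: unapproved update from [202.169.237.229].3757 for 2ndlevel.tld
Jul 5 18:18:46 ns named[24114]: unapproved update from [202.169.237.229].3767 for 2ndlevel.tld
Jul 5 18:19:02 ns named[24114]: unapproved update from [192.0.2.10].1045 for example.test
Jul 5 18:19:10 ns named[24114]: constructed unrelated message
"""


def summarize(log_text):
    """Return {(source_addr, zone): {"count": n, "ports": [...]}} for refused updates."""
    summary = defaultdict(lambda: {"count": 0, "ports": []})
    for line in log_text.splitlines():
        m = UNAPPROVED.search(line)
        if m is None:
            continue  # not an unapproved-update message
        entry = summary[(m["addr"], m["zone"])]
        entry["count"] += 1
        entry["ports"].append(int(m["port"]))
    return dict(summary)


def report(summary):
    """One line per source/zone pair, busiest first, suitable for an abuse report."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [f"{addr} -> {zone}: {info['count']} refused update(s)"
            for (addr, zone), info in rows]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```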

