Errors seen in bindlog

Jim Reid jim at rfc1035.com
Wed Feb 23 17:40:22 UTC 2000


>>>>> "Deb" == Deb Aubut <daubut at ziplink.net> writes:

    Deb> Hello- Just trying to understand a few errors that I am
    Deb> seeing in my logfiles:

    Deb> 23-Feb-2000 11:59:47.175 default: info: sysquery: findns error (NXDOMAIN) on relay-1.ziplink.com?  
    Deb> 23-Feb-2000 11:59:47.175 default: info: sysquery: findns error (NXDOMAIN) on relay-0.ziplink.com?

    Deb>     I know that the above errors mean that this is a
    Deb> non-existing domain.  Which is correct as it is actually .net
    Deb> and not .com.  But my question is, where is it getting this
    Deb> information?

Some zone claims to have NS records which point at relay-0.ziplink.com
and relay-1.ziplink.com, but when your name server looks up these
names, it finds they don't exist. This is probably caused by not
updating a zone file when/if you moved or renamed your name servers.
Check your zone files. If the problem's not there, dump the name
server's cache and take a look at that to find out where it's picking
up these bogus NS records from.

    Deb> 23-Feb-2000 11:38:00.289 security: notice: unapproved update from
    Deb> [209.206.49.133].1425 for 49.206.209.in-addr.arpa 
    Deb> 23-Feb-2000 11:38:19.136 security: notice: unapproved update from
    Deb> [209.206.27.88].3933 for 27.206.209.in-addr.arpa
    Deb> 23-Feb-2000 11:38:21.754 security: notice: unapproved update from
    Deb> [209.206.27.116].1086 for 27.206.209.in-addr.arpa

    Deb>     The above are class C's that we are authoritative for.
    Deb> What are the unapproved updates?  And why are they happening?

Most dynamic update requests tend to come from W2K boxes and they
usually only want to add entries for themselves. You need to find out
who/what was using the IP addresses 209.206.49.133, 209.206.27.88 and
209.206.27.116 and why they were sending DNS update requests when the
name server doesn't allow that. By default BIND8 does not allow
dynamic DNS updates because of the security problems: essentially
anything gets unrestrained write access to the DNS data. Dynamic DNS
updates are supported in BIND8. However, you should only turn this on
if you know what you're doing and are sure that the benefits outweigh
the risks.
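
As a starting point for finding out who is sending these requests, the sketch below tallies "unapproved update" entries by source address and zone, and flags any source that lies outside the reverse zone it tried to update. It is an added example, not part of the original message or of BIND; the function names are hypothetical, and the sample contains the three entries quoted above joined onto single lines plus two constructed entries (a repeat and one from the documentation address 192.0.2.7).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the thread's three entries (one per line) plus two invented ones.
SAMPLE_LOG = """\
23-Feb-2000 11:38:00.289 security: notice: unapproved update from [209.206.49.133].1425 for 49.206.209.in-addr.arpa
23-Feb-2000 11:38:19.136 security: notice: unapproved update from [209.206.27.88].3933 for 27.206.209.in-addr.arpa
23-Feb-2000 11:38:21.754 security: notice: unapproved update from [209.206.27.116].1086 for 27.206.209.in-addr.arpa
23-Feb-2000 11:39:02.010 security: notice: unapproved update from [209.206.27.88].3940 for 27.206.209.in-addr.arpa
23-Feb-2000 11:40:11.500 security: notice: unapproved update from [192.0.2.7].2001 for 27.206.209.in-addr.arpa
"""

UPDATE_RE = re.compile(
    r"unapproved update from \[(?P<src>\d{1,3}(?:\.\d{1,3}){3})\]\.\d+ for (?P<zone>\S+)"
)

def reverse_zone_network(zone):
    """Map an IPv4 reverse zone such as 27.206.209.in-addr.arpa to its network, else None."""
    name = zone.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[: -len(".in-addr.arpa")].split(".")
    if len(labels) > 4 or not all(l.isdigit() and int(l) <= 255 for l in labels):
        return None
    octets = [str(int(l)) for l in reversed(labels)] + ["0"] * (4 - len(labels))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{8 * len(labels)}")

def summarize(log_text):
    """Count rejected updates per (source, zone); flag sources outside the zone's range."""
    counts = Counter()
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            counts[(m["src"], m["zone"])] += 1
    rows = []
    for (src, zone), n in sorted(counts.items()):
        net = reverse_zone_network(zone)
        try:
            own_range = net is not None and ipaddress.ip_address(src) in net
        except ValueError:  # octet above 255 in a mangled line
            own_range = False
        rows.append({"source": src, "zone": zone, "count": n, "own_range": own_range})
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        note = "inside zone's range" if row["own_range"] else "OUTSIDE zone's range"
        print(f'{row["source"]:<16}{row["zone"]:<26}x{row["count"]}  {note}')
```

A source inside the zone's range fits the pattern of a host trying to register its own entry; a source outside it deserves a closer look before any decision about enabling updates.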


