denied update from win2k

Lookman Fazal fazall at research.bell-labs.com
Tue Feb 20 12:26:30 UTC 2001


Thanks for the advice

Just to further clear my question.  The zone win2k.mycompany.com is
exclusively for win2k machines only.

You mentioned about allow-update.  What is the syntax for doing that in the db
file?

In other words the errors which I am seeing on my bind server
denied update from [135.10.10.10].1421 for "10.135.in-addr.arpa

I want to allow/authorize it

I have no zones defined in my named.conf flike for win2k.mycompany.com .

All I have is that in my bind, the master zone file mycompany.com.db has the
following
entry

win2k       IN      NS      test2.win2k.mycompany.com.
test2.win2k.mycompany.com.          IN      A       135.10.10.10

Thanks
--fazal


Kevin Darcy wrote:

> You have delegated "win2k.mycompany.com" to some machine called
> "test2.win2k.mycompany.com", which has an address in the 135.10.*.*
> address range.
>
> This in no way authorizes any particular machine to Dynamically Update the
> 10.135.in-addr.arpa zone.
>
> If you don't mind giving Win2K clients and/or Win2K DHCP servers free run
> of your 10.135.in-addr.arpa zone, then just put an allow-update in the
> zone definition. But think very carefully before you do this, because once
> it's done, practically speaking you then have to make *all* updates to
> that zone -- including updates for non-Win2K boxes, if any -- via Dynamic
> Update. It's not possible to mix Dynamic Update and manual update in the
> same zone reliably (short of stopping the nameserver during every manual
> update).
>
> - Kevin
>
> Lookman Fazal wrote:
>
> > Hello All
> >
> > We have a win2k machine which has intergrated dns with AD.  It uses the
> > prefered server as my bind(8.2.3) server.
> >
> > In my bind, the master zone file mycompany.com.db has the following
> > entry
> >
> > win2k       IN      NS      test2.win2k.mycompany.com.
> > test2.win2k.mycompany.com.          IN      A       135.10.10.10
> >
> > Where win2k is the zone where all win2k machines are residing
> >
> > In the log files of my bind server, I see the following error messages
> >
> > denied update from [135.10.10.10].1421 for "10.135.in-addr.arpa
> >
> > --please help
> >
> > fazall



More information about the bind-users mailing list