Logging Question

Danny Mayer mayer at gis.net
Thu Apr 4 00:23:08 UTC 2002


At 10:48 AM 4/3/02, Kenneth Kalan wrote:

>I've recently upgraded to bind 9.2.0 (was using the last version of the 4
>series).
>
>I've noticed my logs getting full of
>
>Apr  3 09:35:29 barney named[379]: [ID 866145 local3.error] client
>{ip-address-of-client}
>1#1474: update '{domain-name}/IN' denied
>
>This seems to be from Win 2K machines trying to update the DNS, which they
>are set to do by default (windows default, not mine), but are not allowed
>to.  I've searched through the archives trying to find the solution.  No
>one seemed to have an answer except to modify the source code and recompile.

That means that you will miss the malicious update attempts rather than just
Microsoft's W2K's attempts. You need to go to each machine and turn off
these update attempts.  Check out:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q246804

I haven't had a chance to check this out, but you may also be able to disable
this behavior by turning off the DHCP Client Service which is what is used to
send these updates.  You can't do this if you are really using DHCP instead
of static addresses.

         Danny



More information about the bind-users mailing list