unauthorized update attempts

Danny Mayer mayer at gis.net
Sat Feb 2 03:52:47 UTC 2002

At 07:27 PM 2/1/02, acorns wrote:

>I'm using bind-9.1.3-4, which defaults to disallow dynamic updates, so I
>realize I'm safe. Here is what is appearing in my log:
>Jan 30 01:52:10 ns3 named[13195]: dynamic update failed: 'RRset exists
>(value dependent)' prerequisite not satisfied (NXRRSET)
>Jan 30 01:52:10 ns3 named[13195]: client update denied
>I've set up ipchains to deny this entire C class, as I have received
>other update attempts from this IP range in the past. It's not one of my
>own hosts (the IP seems to be somewhere in Asia), which makes me wonder
>what these attempts are trying to accomplish.  On my old server (running
>bind 8) the error messages were more verbose, so I could see which
>domain was targeted. We regularly bounce mail for unknown users at this
>domain, which suggests that someone might be trying to use it.
>Should I assume this is a hijack attempt, or a misconfigured name
>server? Can anyone recommend any additional precautions?

Yes, contact Bill Gates and tell him to stop doing that! W2K tries to do this
by default.


More information about the bind-users mailing list