denied update from [an IP I don't know] for "my domain"
joe.kattner at adelphia.com
Thu Feb 21 13:39:01 UTC 2002
The request that is denied is coming from 188.8.131.52, so there is
you can do about it. You've written the IP Admin, so aside from
ignoring it, there's not much left for you to do. The requests are
so aside from the logs, it's not uncommon for DNS administrators to get
on a regular basis, and usually not cause for a concern. There is
your configuration that will explain this, nor is the similarity of
domain names you host of any relevance to this problem.
Someone posted that it is a Windows 2k machine, based on a frequent
of retries, it probably is, but remember that may or may not be true
The source of a dynamic update can be a number of things, Windows,
a DHCP server, or something else. You can't conclusively say what it is
coming from with that message alone. It's on by default on Windows 2k,
that is a likely candidate in this case, but it's not the only one.
someone really is trying to manipulate the data in aades.com.
You'll also probably want to turn off recursive queries from unknown
on both your name servers (ns.makingofweb.com and ns.sioc.org).
the internet can use your name servers for resolution. Again, it's
a Windows 2k trying to update itself, but with an 'open-door' policy
that, it's possible you've attracted someone looking around to see what
get away with on your servers.
Is aades.com a client of yours? Perhaps they set up their home machine
use aades.com, and you can just ask them if they are using 2k and are
184.108.40.206? If you choose to block the IP, you may find out the hard
if they are a client.
From: Régis [mailto:regis at grison.org]
Sent: Wednesday, February 20, 2002 3:31 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: denied update from [an IP I don't know] for "my domain"
I looked in the archive and found the same error message but in a
context, so I hope someone could help me. Please excuse me for my English, it is not my native language.
Here is the message number (it is the real one, I didn't change
Feb 20 20:40:46 mensmagna named: denied update from [220.127.116.11].3971 for "aades.com" IN
Here is my config :
Linux Debian woody
named 8.3.0-REL-NOESW Thu Jan 17 11:40:46 MST 2002
it runs chrooted
I have a lot of domains but lesgarsdvierzon.net, rsdvierzon.net and
aades.com may be relevant because they share the same IP
my nameserver is master, the slave is the one of a friend, I looked at
config file without seeing anything
I don't know if it is a good idea to publish their name and IP here but
have them using the whois on any of the above domain name if you want
My problem and what I've done :
I receive this error message very often and every time from the same IP.
A host command on this IP shows :
I think it is interesting to see that the domain verizon.net is quite
lesgarsdvierzon.net or rsdvierzon.net that have the same IP as
I looked at my config files but I saw nothing special, I looked at the
of the secondary dns (which is a slave of mine), I looked on google and
But I didn't find anything
I wrote to the admin (found the address using whois) but I had no
(about 2 weeks now).
My questions :
Which side does the error come from ?
Is it an error that I must correct ?
Is it something the verizon.net admin made incorrectly ?
Is it something important or not ?
What should I do ?
Thank you for any hint or any link to a document or relevant mail
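
The "denied update" syslog line quoted in the thread can be tallied per source and zone to see how often each host retries and whether it is a host expected to send dynamic updates. This is an added example, not part of the original messages; the sample log lines, addresses, zone names and the `allowed_updaters` set are constructed for illustration.

```python
import re
from collections import defaultdict

# BIND 8 syslog line in the shape quoted in the post; "[pid]" after "named" is optional.
DENIED = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+named(?:\[\d+\])?:\s+'
    r'denied update from \[(?P<src>[^\]]+)\]\.(?P<port>\d+)\s+'
    r'for "(?P<zone>[^"]+)"'
)

def summarize_denied_updates(lines):
    """Group rejected dynamic updates by (source IP, zone)."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # unrelated named messages are skipped
        # Zone names are case-insensitive; normalise before grouping.
        entry = summary[(m["src"], m["zone"].lower().rstrip("."))]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["ports"].add(int(m["port"]))
    return dict(summary)

def unexpected_sources(summary, allowed_updaters):
    """Sources that are not hosts you expect to send updates (hypothetical set)."""
    return sorted({src for (src, _zone) in summary if src not in allowed_updaters})

# Constructed sample log: documentation addresses and example zones only.
SAMPLE_LOG = """\
Feb 20 20:40:46 ns1 named: denied update from [192.0.2.10].3971 for "example.com" IN
Feb 20 20:45:47 ns1 named[412]: denied update from [192.0.2.10].3975 for "example.com" IN
Feb 20 20:46:02 ns1 named: denied update from [198.51.100.7].1044 for "Example.org" IN
Feb 20 20:47:10 ns1 named: Lame server on 'example.net'
Feb 20 20:50:48 ns1 named[412]: denied update from [192.0.2.10].3979 for "example.com" IN
""".splitlines()

if __name__ == "__main__":
    report = summarize_denied_updates(SAMPLE_LOG)
    for (src, zone), e in sorted(report.items()):
        print(f"{src:15} {zone:12} count={e['count']} "
              f"first={e['first']} last={e['last']}")
    print("unexpected:", unexpected_sources(report, {"198.51.100.7"}))
```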