denied update from [an IP I don't know] for "my domain"

Joe Kattner joe.kattner at
Thu Feb 21 13:39:01 UTC 2002

The request that is denied is coming from, so there is
you can do about it. You've written the IP Admin, so aside from blocking or
ignoring it, there's not much left for you to do. The requests are
so aside from the logs, it's not uncommon for DNS administrators to get
on a regular basis, and usually not cause for a concern. There is nothing in
your configuration that will explain this, nor is the similarity of
domain names you host of any relevance to this problem.

Someone posted that it is a Windows 2k machine, based on a frequent
of retries, it probably is, but remember that may or may not be true
The source of a dynamic update can be a number of things, Windows,
a DHCP server, or something else. You can't conclusively say what it is
coming from with that message alone. It's on by default on Windows 2k,
that is a likely candidate in this case, but it's not the only one.
someone really is trying to manipulate the data in

You'll also probably want to turn off recursive queries from unknown
on both your name servers ( and
Anyone on the internet can use your name servers for resolution. Again, it's
a Windows 2k trying to update itself, but with an 'open-door' policy
that, it's possible you've attracted someone looking around to see what
get away with on your servers.

Is a client of yours? Perhaps they set up their home machine
use, and you can just ask them if they are using 2k and are
on If you choose to block the IP, you may find out the hard
if they are a client.


-----Original Message-----
From: Régis [mailto:regis at]
Sent: Wednesday, February 20, 2002 3:31 PM
To: comp-protocols-dns-bind at
Subject: denied update from [an IP I don't know] for "my domain"


I looked in the archive and found the same error message but in a
context, so I hope someone could help me. Please excuse me for my
English, it is not my native language.

Here is the message number (it is the real one, I didn't change
anything) :
Feb 20 20:40:46 mensmagna named[14052]: denied update from [].3971 for "" IN

Here is my config :
Linux Debian woody
named 8.3.0-REL-NOESW Thu Jan 17 11:40:46 MST 2002
it runs chrooted
I have a lot of domains but, and may be relevant because they share the same IP
my nameserver is master, the slave is the one of a friend, I looked at
config file without seeing anything
I don't know if it is a good idea to publish their name and IP here but
you can have them using the whois on any of the above domain name if you want
My problem and what I've done :
I receive this error message very often and every time from the same IP.
A host command on this IP shows :

I think it is interesting to see that the domain is quite
similar to or that have the same IP as

I looked at my config files but I saw nothing special, I looked at the
config files of the secondary dns (which is a slave of mine), I looked on google and
But I didn't find anything

I wrote to the admin (found the address using whois) but I had no
(about 2 weeks now).

My questions :
Which side does the error come from ?
Is it an error that I must correct ?
Is it something the admin made incorrectly ?
Is it something important or not ?
What should I do ?

Thank you for any hint or any link to a document or relevant mail
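
One way to triage the "denied update" messages discussed in this thread, as an added example that is not part of either message: it groups the log lines by source address and reports how many denials there were, which zones were named, and the median interval between attempts. The sample log lines, addresses, zone names and the function name are constructed for illustration; only the line shape follows the message quoted above.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Line shape quoted in the thread (BIND 8 via syslog):
#   <timestamp> <host> named[pid]: denied update from [IP].port for "zone" IN
DENIED = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+named\[\d+\]:\s+'
    r'denied update from \[(?P<ip>[^\]]+)\]\.\d+\s+for "(?P<zone>[^"]*)"'
)

# Constructed sample log: documentation addresses and zones, not from the thread.
SAMPLE_LOG = """\
Feb 20 20:40:46 ns1 named[14052]: denied update from [192.0.2.10].3971 for "example.com" IN
Feb 20 20:45:47 ns1 named[14052]: denied update from [192.0.2.10].3972 for "example.com" IN
Feb 20 20:50:46 ns1 named[14052]: denied update from [192.0.2.10].3975 for "example.com" IN
Feb 20 20:51:02 ns1 named[14052]: denied update from [198.51.100.7].1042 for "example.net" IN
Feb 20 20:51:03 ns1 named[14052]: denied update from [198.51.100.7].1043 for "example.org" IN
Feb 20 20:52:00 ns1 named[14052]: Lame server on 'example.com'
"""

def summarize_denied_updates(log_text, year=2002):
    """Per source IP: number of denials, zones named, median seconds between tries."""
    seen = defaultdict(lambda: {"times": [], "zones": set()})
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue  # other named messages are ignored
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["ip"]]["times"].append(ts)
        seen[m["ip"]]["zones"].add(m["zone"])
    report = {}
    for ip, data in seen.items():
        times = sorted(data["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {
            "count": len(times),
            "zones": sorted(data["zones"]),
            # Heuristic (assumption): a steady gap suggests an automated client retrying.
            "median_gap_s": statistics.median(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize_denied_updates(SAMPLE_LOG).items():
        print(ip, info)
```

A single source hitting one zone at a steady interval fits the retrying-client explanation given in the reply; one source naming several zones within seconds is the pattern worth a closer look.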

