Why ? denied update from [].2697 for "proulx.com" IN

Bob Proulx bob at proulx.com
Sun Jun 23 04:25:47 UTC 2002

I have searched and read many references concerning the log message
denied update from [].2697 for "proulx.com" IN


But one question is still unanswered that I was hoping someone could
enlighten me about.  Why is the remote unknown host trying to update
my zone?  Is it a crack attempt?  Is it a broken Windows machine?  Is
it a virus worm that is trying to reproduce?  Is someone just happy to
see me?

Note that I am not asking how to stop the logging.  I know that is
harmless.  I would instead like to understand what is compelling these
remote hosts to try to update my zones and why they keep trying, day
in and day out.  I know it is harmless logging.  But things like this
lead one to want to drop 61/8 entirely at the firewall.  But I am just
overwhelmingly curious as to what would latch onto one of my servers
and not let go.  There must be a reason behind it.


P.S. Yes, I know I am still running BIND 8.  Will be doing an update
to BIND 9 soon.

BTW, here is the list of IP addresses that have been trying to do zone
updates to me.  Is this a pattern that anyone recognizes?  Not every
address wants me.  :-)
