update forwarding denied

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Oct 7 14:29:06 UTC 2002

I wrote:

>> I am seeing messages like this one in the syslog of one of our BIND
>> 9.2,1 servers:
>>      Oct  2 20:34:34 thor.ctd.anl.gov named[301]:
>>        [ID 866145 daemon.error] client
>>        update forwarding denied
>> I have been unable to determine what this message means.  I do not see
>> the message on Cricket's site
>>      http://www.menandmice.com/docs/named_messages.htm
>> and I cannot seem to find the message in the BIND 9.2.1 source.
>> The IP address 
>> translates to
>>      rf1.cuis.edu
>> and cuis.edu is a slave zone on this DNS server.  Can anyone help?
>> Thanks.

"Cricket Liu" <cricket at menandmice.com> replied:

>That message means that your slave name server received a dynamic
>update, which it normally would have forwarded to its master name
>server for the zone.  However, it didn't because either you didn't
>have an allow-update-forwarding substatement in the corresponding
>zone statement or the allow-update-forwarding substatement didn't
>allow forwarding updates from that IP address.

I have a two comments/questions:

1) I thought that BIND 8.2.5-REL (which I am running on the nameserver
   in question) did not forward DDNS requests sent to a slave server.
   I have no "allow-update-forwarding" statements in my named.conf

2) How do I determine the IP address of the machine that is sending
   the DDNS packet?  I am assuming that the IP address contained in the
   message is the address of the master nameserver for the zone that
   the DDNS packet is trying to update.
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list