Dynamic Update log entries?
jlightner at water.com
Mon Jun 30 15:44:43 UTC 2008
In my log I'm seeing various external IPs being denied update of my
On checking in the ISC FAQ, the message has to do with Dynamic
Updates. Since these are external and I'm not really sure who they are
(reverse lookup shows nothing) I can't really implement the fix
mentioned in the FAQ.
Reverse lookup has no information for the IPs.
Whois seems to suggest the IPs are part of BellSouth or Southwestern
Bell (both of which are now part of AT&T). AT&T is where we got our IP
ranges from so I'm wondering if there would be any valid reason for them
to be attempting Dynamic Updates to our servers?
Also on doing a test I found adding the IPs to an ACL and doing a
blackhole on the ACL in named.conf will stop the messages. Is there
any downside to doing this? Is there a better way to prevent Dynamic
Update attempts from external IPs altogether?
A couple of example IPs are 18.104.22.168 & 22.214.171.124.
The FAQ I mentioned is at http://www.isc.org/index.pl?/sw/bind/FAQ.php
The specific Q & A was:
I keep getting log messages like the following. Why?
Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
Someone is trying to update your DNS data using the RFC2136 Dynamic
Update protocol. Windows 2000 machines have a habit of sending dynamic
update requests to DNS servers without being specifically configured to
do so. If the update requests are coming from a Windows 2000 machine,
information about how to turn them off. "
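As an added example (not part of the original post or the ISC FAQ), the following Python sketch tallies "update denied" log lines by source address and separates internal from external senders, so an operator can see which sources are worth following up before deciding on an ACL. The internal network list and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the line format quoted from the FAQ. The optional quoted zone name
# is an assumption for named builds that include it in the message.
DENIED = re.compile(
    r"client\s+(?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+).*?:\s*update\s+"
    r"(?:'(?P<zone>[^']+)'\s+)?denied"
)

def parse_denied(line):
    """Return (ip_address, zone_or_None) for an 'update denied' line, else None."""
    m = DENIED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # malformed address in the log line
        return None
    return ip, m.group("zone")

def summarize(lines, internal_nets):
    """Count denied updates per source, split into internal and external."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    internal, external = Counter(), Counter()
    for line in lines:
        parsed = parse_denied(line)
        if parsed is None:
            continue  # other denials (queries, transfers) are ignored
        ip, _zone = parsed
        bucket = internal if any(ip in n for n in nets) else external
        bucket[str(ip)] += 1
    return internal, external

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_LOG = [
    "Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied",
    "Jun 21 12:00:05.120 client 203.0.113.25#2201: update denied",
    "Jun 21 12:01:10.004 client 203.0.113.25#2202: update 'example.com/IN' denied",
    "Jun 21 12:02:00.500 client 198.51.100.9#4021: view external: update denied",
    "Jun 21 12:02:01.000 client 198.51.100.9#4022: query (cache) denied",
]

if __name__ == "__main__":
    inside, outside = summarize(SAMPLE_LOG, ["10.0.0.0/8"])
    print("internal:", dict(inside))
    print("external:", dict(outside))
```
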