Query regarding 'UPDATE' field in log entries

Carsten Strotmann cas at strotmann.de
Wed Dec 26 14:19:13 UTC 2012


Gaurav Kansal <gaurav.kansal at nic.in> writes:

> I am getting the below mentioned log continuously in my log file.

> client 2001:db8:0:196:feed:feed:feed:dc#54458: update
> 'test-zone.in/IN' denied
> Does it mean that someone is claiming for the authority of the
> test-zone.in for which I am the master?

It does mean that the client is trying to update the "test-zone.in" using
a dynamic update DNS message. This is probably because the client is
running a Windows OS and is configured (manually or by DHCP) to be in
the "local domain / DNS suffix" of "test-zone.in" and tries to add an
Address record (A and/or AAAA) of its own IP Address into the zone. That
is a default behavior of some client operating systems.

As dynamic updates are not enabled by default, the BIND DNS server
denies the updates, and you see the log entry. If you want to allow
clients to automatically update the zone, you need to configure the zone
as a dynamic zone (using update-policy or allow-update statements).

If the client is not in your own networks, someone in the remote network
has (mis-)configured the client to be inside the "test-zone.in" domain.

Best regards

Carsten Strotmann
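
To separate the two cases described in the reply (clients in your own networks versus remote ones), the denied-update messages can be tallied per client and zone. This is an added example, not part of the original post; the timestamps, the second client address, the non-matching line and the LOCAL_NETS prefixes are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message format as quoted in the post:
#   client <addr>#<port>: update '<zone>/<class>' denied
DENIED = re.compile(
    r"client (?P<addr>\S+)#(?P<port>\d+): "
    r"update '(?P<zone>[^'/]+)/(?P<cls>\w+)' denied"
)

# Assumption: prefixes you consider "your own networks".
LOCAL_NETS = ["2001:db8:0:196::/64", "192.0.2.0/24"]

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
26-Dec-2012 14:01:02.101 client 2001:db8:0:196:feed:feed:feed:dc#54458: update 'test-zone.in/IN' denied
26-Dec-2012 14:01:07.330 client 2001:db8:0:196:feed:feed:feed:dc#54460: update 'test-zone.in/IN' denied
26-Dec-2012 14:02:11.004 client 198.51.100.7#61022: update 'test-zone.in/IN' denied
26-Dec-2012 14:02:15.870 some unrelated log message
""".splitlines()


def summarize(lines, local_nets):
    """Count denied dynamic updates per (client, zone, local|remote)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-update message
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # malformed address field, skip the line
        local = any(addr.version == n.version and addr in n for n in nets)
        origin = "local" if local else "remote"
        counts[(str(addr), m.group("zone"), origin)] += 1
    return counts


if __name__ == "__main__":
    for (client, zone, origin), n in summarize(SAMPLE_LOG, LOCAL_NETS).most_common():
        print(f"{n:4d}  {origin:6s}  {client}  ->  {zone}")
```

Local clients in the output are candidates for a DNS-suffix or DHCP setting to correct; remote ones point to a misconfiguration outside your control.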
