Logging question about message 'update-security: error: client update denied'

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue May 17 08:49:34 UTC 2016

>In message <CANX+b1K5Z28oqVnb7=FxWGrHL5YSsg0Ear_fnnpYuDzJcDywNQ at mail.gmail.com>, Josh Nielsen writes:
>> I have a message that has been showing up in my master DNS server's log
>> over the past few weeks and I am wondering if I can find more verbose
>> specifics from debugging messages in BIND somehow.
>> The messsage looks like this:
>> May 16 10:52:16 dns01 named[2591]: 16-May-2016 10:52:16.844
>> update-security: error: client update 'my.domain/IN'
>> denied

On 17.05.16 07:24, Mark Andrews wrote:
>It a UPDATE request being denied.  It will be some process other
>than named sending the request unless you have configured named to
>forward updates.
>In the best of worlds every machine would be updating its own PTR
>records and keep its own addresses in the DNS up to date.

depends on the idealness of the world, but I personally don't like allowing
clients to update their DNS records, imho the DHCP server should do those
changes if it assigne the client an IP address
>> Master (
>> zone "my.domain" in {
>>         type master;
>>         file "db.my.domain";
>>         allow-transfer {
>>       ;
>>       ;
>>         };
>>         allow-update {
>>                 key "xcat_key";
>>         };
>>         notify yes;
>>         also-notify {;;};
>> };

apparently the client who asks for update does not know the "xcat_key".

...many windows machines tend to register their name in DNS (it's
on by default in netowrk settings).

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

More information about the bind-users mailing list