Logging dynamic update requests
Levon Esibov (Exchange)
levone at Exchange.Microsoft.com
Tue Aug 17 18:19:39 UTC 1999
I would like to bring to your attention the following issue.

If a DNS server is configured to log events when unauthorized dynamic
updates are attempted, the log file may quickly grow in size, alarming the
administrator and taking up disk space. This problem will be seen more
often with the deployment of clients attempting dynamic DNS registration.

We have already seen an example of this problem: a user installed a Domain
Controller for the Active Directory Domain called WIN2KTEST.FI and chose
(contrary to our guidelines) to use the Internet DNS server. The domain
controller sent dynamic updates to the Internet DNS server authoritative for
the TLD "FI". The DNS server was not configured to allow dynamic updates and
logged an event that a specific computer attempted registration.

This problem is not specific to Domain Controllers or to computers
running Windows 2000, but could be caused by any client attempting dynamic
DNS registration on a DNS server authoritative for its name, if the server
is not configured to allow the dynamic update (in general or from this
client specifically). As time goes on we will inevitably see an increase in
the number of Internet clients attempting dynamic DNS registration.

Having said this, I'd like to ask whether it is possible to turn off logging of the
dynamic update requests on BIND servers? It also may make sense to have the
logging of unauthorized dynamic updates off by default.