denied update from [an IP I don't know] for "my domain"

Régis

Feb 20, 2002, 4:55:23 PM

Hello,

I looked in the archive and found the same error message but in a different
context, so I hope someone could help me. Please excuse me for my English,
it is not my native language.

Here is the message number (it is the real one, I didn't change anything):
Feb 20 20:40:46 mensmagna named[14052]: denied update from [138.89.40.249].3971 for "aades.com" IN

Here is my config:
Linux Debian woody
named 8.3.0-REL-NOESW Thu Jan 17 11:40:46 MST 2002
it runs chrooted
I have a lot of domains but lesgarsdvierzon.net, rsdvierzon.net and
aades.com may be relevant because they share the same IP (212.157.81.25)
my nameserver is master, the slave is the one of a friend, I looked at both
config files without seeing anything
I don't know if it is a good idea to publish their name and IP here but
you can have them using the whois on any of the above domain names if you
want them

My problem and what I've done:
I receive this error message very often and every time from the same IP.
A host command on this IP shows:
Name: pool-138-89-40-249.mad.east.verizon.net

I think it is interesting to see that the domain verizon.net is quite
similar to lesgarsdvierzon.net or rsdvierzon.net that have the same IP as
aades.com

I looked at my config files but I saw nothing special, I looked at the
config files of the secondary dns (which is a slave of mine), I looked on
google and isc.org, but I didn't find anything.

I wrote to the admin (found the address using whois) but I had no response
(about 2 weeks now).

My questions:
Which side does the error come from?
Is it an error that I must correct?
Is it something the verizon.net admin made incorrectly?
Is it something important or not?
What should I do?

Thank you for any hint or any link to a document or relevant mail archive.

Regis.


sanjay

Feb 20, 2002, 11:43:24 PM

It must be coming from a Win 2K machine (stupid MS). It is a bug actually in
win 2k.

sanjay



Simon Waters

Feb 21, 2002, 4:50:34 AM

Régis wrote:
>
> My questions :
> Which side does the error come from ?

It is probably a Windows 2000 machine which someone has typed
your domain name into instead of verizon's.

They try repeatedly to add themselves to the DNS.

> Is it an error that I must correct ?

If you don't want a dynamic update you can just ignore it.

> Is it something the verizon.net admin made incorrectly ?

Probably not, probably just a user.

> Is it something important or not ?

If you don't want the update it is just noise.

> What should I do ?

I'd wait for someone to complain ;)

Unless you've had some Windows 2000 machines stolen recently ;)

Joe Kattner

Feb 21, 2002, 8:45:21 AM

The request that is denied is coming from 138.89.40.249, so there is nothing
you can do about it. You've written the IP Admin, so aside from blocking or
ignoring it, there's not much left for you to do. The requests are denied,
so aside from the logs, it's not uncommon for DNS administrators to get them
on a regular basis, and usually not cause for a concern. There is nothing in
your configuration that will explain this, nor is the similarity of other
domain names you host of any relevance to this problem.

Someone posted that it is a Windows 2k machine, based on a frequent number
of retries, it probably is, but remember that may or may not be true though.
The source of a dynamic update can be a number of things, Windows, nsupdate,
a DHCP server, or something else. You can't conclusively say what it is
coming from with that message alone. It's on by default on Windows 2k, so
that is a likely candidate in this case, but it's not the only one. Perhaps
someone really is trying to manipulate the data in aades.com.

You'll also probably want to turn off recursive queries from unknown clients
on both your name servers (ns.makingofweb.com and ns.sioc.org). Anyone on
the internet can use your name servers for resolution. Again, it's likely
a Windows 2k trying to update itself, but with an 'open-door' policy like
that, it's possible you've attracted someone looking around to see what they
get away with on your servers.

Is aades.com a client of yours? Perhaps they set up their home machine to
use aades.com, and you can just ask them if they are using 2k and are on
138.89.40.249? If you choose to block the IP, you may find out the hard way
if they are a client.

--Joe

Barry Finkel

Feb 21, 2002, 10:42:50 AM

"Régis" <re...@grison.org> wrote (in part):

>> Here is the message number (it is the real one, I didn't change anything):
>> Feb 20 20:40:46 mensmagna named[14052]: denied update from [138.89.40.249].3971 for "aades.com" IN

"sanjay" <indianl...@yahoo.com> replied:

> It must be coming from Win 2K machine(stupid MS). It is a bug actually in
> win 2k.

The message means that a machine at IP address

138.89.40.249

sent in a dynamic DNS request to your DNS server, and your DNS server
refused to honor the request because you have not authorized DDNS
from that IP address.

There is no proof that the machine at address

138.89.40.249

is a W2k machine. That IP address is registered in DNS as

ns1.bellatlantic.net

and I doubt that BellAtlantic (aka Verizon) would be running BIND
8.2.5-REL on a W2k server. I (and others) believe that Microsoft made
a design flaw when it made W2k workstations self-register (via DDNS) as
the default. It is a bad choice of defaults, it is NOT a bug.

As for why that nameserver is sending a DDNS packet to your DNS server,
you need to contact

dnsa...@bellatlantic.net

That is the e-mail address in the SOA for the

40.89.138.in-addr.arpa

zone.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFi...@anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
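
The "denied update" message discussed in this thread can be tallied per source and zone to see how often and over what period a refused dynamic update recurs. This is an added example, not code from any poster; the sample log is constructed (only its first line comes from the thread) and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Shape of the BIND 8 message quoted in the thread (one syslog line).
DENIED = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+named\[\d+\]:\s+'
    r'denied update from \[(?P<ip>[0-9a-fA-F.:]+)\]\.(?P<port>\d+)\s+'
    r'for "(?P<zone>[^"]+)"'
)

# Constructed sample: the first line is the one from the thread, the rest are invented.
SAMPLE_LOG = """\
Feb 20 20:40:46 mensmagna named[14052]: denied update from [138.89.40.249].3971 for "aades.com" IN
Feb 20 20:45:47 mensmagna named[14052]: denied update from [138.89.40.249].3975 for "aades.com" IN
Feb 20 20:50:49 mensmagna named[14052]: denied update from [138.89.40.249].3980 for "aades.com" IN
Feb 20 20:51:02 mensmagna named[14052]: denied update from [192.0.2.17].1044 for "example.net" IN
Feb 20 20:51:03 mensmagna named[14052]: unrelated message that must be skipped
"""

def summarize_denied_updates(log_text, year=2002):
    """Group denied dynamic-update attempts by (source IP, zone)."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        g = groups[(m["ip"], m["zone"])]
        g["count"] += 1
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
        g["ports"].add(int(m["port"]))
    return dict(groups)

def repeat_sources(summary, min_count=3):
    """Return (ip, zone) pairs seen at least min_count times, busiest first."""
    hits = [(k, v["count"]) for k, v in summary.items() if v["count"] >= min_count]
    return [k for k, _ in sorted(hits, key=lambda kv: -kv[1])]

if __name__ == "__main__":
    summary = summarize_denied_updates(SAMPLE_LOG)
    for (ip, zone), g in summary.items():
        print(ip, zone, g["count"], g["first"], g["last"], sorted(g["ports"]))
    print("repeat sources:", repeat_sources(summary))
```

A steady count from one address against one zone matches the repeated-retry pattern the replies describe, but, as noted in the thread, the log line alone does not identify what software sent the update.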