LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-29-2006, 06:31 PM   #1
raska
Member
 
Registered: Aug 2004
Location: Aguascalientes, AGS. Mexico.
Distribution: Slackware 13.0 kernel 2.6.29.6
Posts: 816

Rep: Reputation: 31
Question named (bind) curiosity: syslog full of this similar messages


Hi all,
I have been running since two months ago a Slackware 10.2 server with some services online, including ftp, apache, mail and DNS with a bunch of registered domains. Everything fine

While watching at the logs, I've noticed that /var/log/syslog is damn full of this kind of messages (I modified the green parts for privacy/security reasons):
Quote:
Aug 29 17:33:01 hostname named[pid]: client 190.52.128.63#64053: update 'mydomain.com/IN' denied
All the messages are alike. All of them include a client IP telling me that the server denied an update on one of my domains.

I did some gogglish research and here, I found a text that tries to explain that the name server is doing (not the proper version but seems fit)
Quote:
Indicates that your name server refused a dynamic update to the zone 174.132.in-addr.arpa from the host at IP address 132.174.25.169.
I'm not a network guy, so I can't catch the whole idea yet, that's why I need some advice here.
What is a dynamic update?

I guess it is ok to denied them, for security's sake (or something...)
While going online, a consultant and friend of mine suggested that I should add these options in the /etc/named.conf file:
Code:
options {
        directory       "/var/named";
        auth-nxdomain   yes;
        allow-transfer { 127.0.0.1; };
};
So the allow-transfer part there were the default one for all the configured domains.

What am I denying?
 
Old 08-29-2006, 09:56 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
Here, those error messages are caused by Windows boxes using DHCP with the "Register this connection's addresses in DNS" flag set under Advanced TCP/IP Settings (on the DNS tab). I'd expect any DHCP set up to have that option somewhere.

The allow-transfer { 127.0.0.1; }; statement just means that nobody can transfer the zone information from the server. You may also be restricting with the allow-update and/or allow-update-forwarding statement (or it's the default, I'm not sure) which is why the update requests are causing the error message.

There's some info on the named.conf settings at http://www.zytrax.com/books/dns/ch7/ - it includes sections on all of the available settings.
 
Old 08-30-2006, 09:56 AM   #3
raska
Member
 
Registered: Aug 2004
Location: Aguascalientes, AGS. Mexico.
Distribution: Slackware 13.0 kernel 2.6.29.6
Posts: 816

Original Poster
Rep: Reputation: 31
Hi
Thanks for pointing me out, that link was just what I needed.
Seems that the allow-update { none; }; is the default for all the zones so it should be secure enough to satisfy my worst paranoid nightmares.

It seems that I should blame those windoze boxes for everything...
 
Old 08-30-2006, 10:52 AM   #4
Randux
Senior Member
 
Registered: Feb 2006
Location: Siberia
Distribution: Slackware & Slamd64. What else is there?
Posts: 1,705

Rep: Reputation: 55
Quote:
Originally Posted by raska
It seems that I should blame those windoze boxes for everything...
Yes, and I think that would be a good policy, generally
 
Old 08-30-2006, 11:14 AM   #5
raska
Member
 
Registered: Aug 2004
Location: Aguascalientes, AGS. Mexico.
Distribution: Slackware 13.0 kernel 2.6.29.6
Posts: 816

Original Poster
Rep: Reputation: 31
Yeah, but management won't let me have such thing as a general company policy.
Here, most of the Computing Systems / Informatics department uses windoze for everyday tasks (not me )
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
syslog not opening named pipe. fluxrad Linux - Software 5 02-10-2009 05:31 AM
syslog not writing to named pipe (fc4) darbo Linux - Software 0 02-17-2006 07:35 PM
why is named burning syslog? eantoranz Linux - Networking 5 07-29-2005 11:47 AM
/var/log/messages full of these messages. Should I be concerned? mdavis Linux - Security 5 04-16-2004 10:08 AM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 03:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration