I am looking into repeated log entries that look like this:

Nov 20 07:08:15 server named[12345]: client updating zo
ne 'somecompany.net/IN': update failed: 'RRset exists (value dependent)'
uisite not satisfied (NXRRSET)
Nov 20 07:08:15 server named[12345]: Nov 20 07:08:15.201security: error: c
lient update 'somecompany.net/IN' denied

This Bind 9 implementation is authoritative for a dozen or so zones, but
these entries are being repeatedly logged for only three of them. I have
seen reference on other mailing lists that this may be expected behavior and
could be windows clients trying to perform dyamic updates this Bind server.
Unless these clients were allowed to perform updates by adding them to the
allow-update parameter of the zone entry in named.conf, the message is
normal as these clients should not be able to update your zone files.

The zone entry in named.conf looks like this:

zone "somecompany.net" {
        type master;
        notify yes;
        file "db.somecompany.net";
        allow-update { none; };
Any thoughts on whether I should be concerned about this? And if so, what
prerequisite is not being met? I have read rfc2136.txt but I wasn¹t able to
make a lot of sense of it.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20051122/934b587a/attachment.htm