Re: Logging question about message 'update-security: error: client update denied'

2016-05-17 Thread Josh Nielsen
Okay, yeah I am running DHCP on the same server so I'll check its settings. Thanks! On Mon, May 16, 2016 at 6:08 PM, Matthew Pounsett wrote: > > > On 16 May 2016 at 19:03, Josh Nielsen wrote: > >> Thank you for the response Mark. I'm still a little confused at what this >> might mean though. C

Re: Logging question about message 'update-security: error: client update denied'

2016-05-17 Thread Matus UHLAR - fantomas
[2591]: 16-May-2016 10:52:16.844 update-security: error: client 10.20.0.101#34148: update 'my.domain/IN' denied On 17.05.16 07:24, Mark Andrews wrote: It is an UPDATE request being denied. It will be some process other than named sending the request unless you have configured named to forwa

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Matthew Pounsett
On 16 May 2016 at 19:03, Josh Nielsen wrote: > Thank you for the response Mark. I'm still a little confused at what this > might mean though. Clearly the originating address is my slave DNS server > (every single one of the messages say "error: client 10.20.0.101"). > > Are you saying that some p

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Josh Nielsen
e >> > specifics from debugging messages in BIND somehow. >> > >> > The message looks like this: >> > >> > May 16 10:52:16 dns01 named[2591]: 16-May-2016 10:52:16.844 >> > update-security: error: client 10.20.0.101#34148: update 'my.domain/

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Josh Nielsen
ter DNS server's log > > over the past few weeks and I am wondering if I can find more verbose > > specifics from debugging messages in BIND somehow. > > > > The message looks like this: > > > > May 16 10:52:16 dns01 named[2591]: 16-May-2016 10:52:16.844 >

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Mark Andrews
like this: > > May 16 10:52:16 dns01 named[2591]: 16-May-2016 10:52:16.844 > update-security: error: client 10.20.0.101#34148: update 'my.domain/IN' > denied It is an UPDATE request being denied. It will be some process other than named sending the request unless you have conf

Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Josh Nielsen
6.844 update-security: error: client 10.20.0.101#34148: update 'my.domain/IN' denied The frequency of the messages is sporadic. Sometimes two or three times in an hour, sometimes once each hour, sometimes 2-3 hours go by before I see one, but I get multiple a day. I take it that this means that

Re: Update Security

2014-03-17 Thread Chris Buxton
On Mar 16, 2014, at 3:32 AM, Bob McDonald wrote: > Ok so it's not painless. Do the updates still get forwarded to the master by > the slaves or do I need to have all Windows devices needing update capability > to point at the master? > > TIA, > > Bob I don't believe it works with update for

Re: Update Security

2014-03-17 Thread Bob McDonald
Signed updates, that is... On Sun, Mar 16, 2014 at 5:32 AM, Bob McDonald wrote: > Ok so it's not painless. Do the updates still get forwarded to the master > by the slaves or do I need to have all Windows devices needing update > capability to point at the master? > > TIA, > > Bob > > > > On F

Re: Update Security

2014-03-16 Thread Bob McDonald
Ok so it's not painless. Do the updates still get forwarded to the master by the slaves or do I need to have all Windows devices needing update capability to point at the master? TIA, Bob On Fri, Mar 14, 2014 at 7:36 PM, Chris Buxton wrote: > On Mar 14, 2014, at 10:50 AM, Bob McDonald wrote

Re: Update Security

2014-03-14 Thread Chris Buxton
On Mar 14, 2014, at 10:50 AM, Bob McDonald wrote: > I agree that TSIG or SIG(0) signed updates are certainly a more desirable > approach than allowing updates via address. My DHCP server is set up to sign > all of its updates this way. However, I have AD domain controllers in the > environme

Re: Update Security

2014-03-14 Thread Bob McDonald
I agree that TSIG or SIG(0) signed updates are certainly a more desirable approach than allowing updates via address. My DHCP server is set up to sign all of its updates this way. However, I have AD domain controllers in the environment that don't currently use signed updates. Is there a fairly

Re: Update Security

2014-03-14 Thread Mark Andrews
If you are going to forward updates use TSIG or SIG(0) to sign the update and stop worrying about addresses. TSIG and SIG(0) are billions and billions of times stronger authenticators than an IP address. "allow-update-forwarding { any; };" says forward all updates regardless of the address they w

Update Security

2014-03-14 Thread Bob McDonald
I want to confirm my understanding of security of DDNS updates. I have a stealth master "A" feeding slave "B" and "C". I have allow-update-forwarding { any; } specified on "B" and "C". If a client "D" presents an update to "B" or "C" it will automatically be forwarded to "A". If "B" or "C" are