Re: Error in log file (Bind Users forum, DNS and Related Forums category)
In article <c981i9$oc8$1@sf1.isc.org>, akennedy@exemail.com.au (Andrew)
wrote:

> Hello,
>
> I have put a different firewall in front of my network & am now
> getting these errors in log file.
> My DNS server is running Linux machine on an internal machine as shown.
>
>
> May 28 11:21:01.086 notify: debug 1: zone
> 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53 failed:
> timed out
> May 28 11:21:01.087 notify: debug 1: zone
> 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53: retries
> exceeded

The "notify failed" and "retries exceeded" messages suggest that your
firewall is blocking UDP port 53 from the master server to the slave.

> May 28 11:21:01.727 notify: debug 1: zone 0.0.127.in-addr.arpa/IN:
> notify to 220.233.6.187#53 failed: timed out
> May 28 11:21:01.727 notify: debug 1: zone 0.0.127.in-addr.arpa/IN:
> notify to 220.233.6.187#53: retries exceeded

Why do you need a slave server for the 0.0.127.in-addr.arpa zone? This
zone is not generally updated, so the normal configuration is for every
server to be a master for it.

> May 28 11:22:53.007 security: error: client 192.168.0.5#1044: update
> 'eziekiel.com/IN' denied
> May 28 11:22:58.005 security: error: client 192.168.0.5#1044: update
> 'eziekiel.com/IN' denied
> May 28 11:23:07.999 security: error: client 192.168.0.5#1044: update
> 'eziekiel.com/IN' denied

The machine at 192.168.0.5 is trying to perform a dynamic DNS update.
You should disable this on the client machine if you don't intend to
allow it on the server.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
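Added example, not part of the original post or of BIND itself: a small triage script that groups the two message types quoted in this thread, so an operator can see which NOTIFY targets are unreachable and which clients keep attempting dynamic updates. The function name `triage`, the regular expressions and the joined-up sample lines are assumptions built from the log excerpt above; the script also flags zone names containing a `\DDD` escape (`\032` is a space in DNS presentation format).

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the thread, unwrapped to one per line.
SAMPLE_LOG = r"""May 28 11:21:01.086 notify: debug 1: zone 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53 failed: timed out
May 28 11:21:01.087 notify: debug 1: zone 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53: retries exceeded
May 28 11:21:01.727 notify: debug 1: zone 0.0.127.in-addr.arpa/IN: notify to 220.233.6.187#53 failed: timed out
May 28 11:21:01.727 notify: debug 1: zone 0.0.127.in-addr.arpa/IN: notify to 220.233.6.187#53: retries exceeded
May 28 11:22:53.007 security: error: client 192.168.0.5#1044: update 'eziekiel.com/IN' denied
May 28 11:22:58.005 security: error: client 192.168.0.5#1044: update 'eziekiel.com/IN' denied
May 28 11:23:07.999 security: error: client 192.168.0.5#1044: update 'eziekiel.com/IN' denied
"""

# Patterns are assumptions derived from the message shapes shown in the thread.
NOTIFY_RE = re.compile(
    r"notify: .*?zone (?P<zone>\S+)/IN: notify to (?P<dst>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: failed: (?P<reason>.+)|: (?P<final>retries exceeded))$")
UPDATE_RE = re.compile(
    r"security: error: client (?P<client>[0-9a-fA-F.:]+)#\d+: update '(?P<zone>[^']+)/IN' denied")
ESCAPE_RE = re.compile(r"\\\d{3}")  # \DDD decimal escape, e.g. \032 = space


def triage(log_text):
    """Summarise notify failures and denied dynamic updates in a named log."""
    notify_timeouts = Counter()   # (zone, target) -> timed-out attempts
    notify_gave_up = Counter()    # (zone, target) -> "retries exceeded" events
    update_denied = Counter()     # (client, zone) -> denied update attempts
    escaped_zones = set()         # zone names carrying a \DDD escape
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            key = (m["zone"], m["dst"])
            if ESCAPE_RE.search(m["zone"]):
                escaped_zones.add(m["zone"])
            if m["final"]:
                notify_gave_up[key] += 1
            else:
                notify_timeouts[key] += 1
            continue
        m = UPDATE_RE.search(line)
        if m:
            update_denied[(m["client"], m["zone"])] += 1
    return {"notify_timeouts": notify_timeouts, "notify_gave_up": notify_gave_up,
            "update_denied": update_denied, "escaped_zones": escaped_zones}


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, dict(value) if isinstance(value, Counter) else sorted(value))
```
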