Bind errors

Furmanek, Greg Greg.Furmanek@hit.cendant.com
Thu, 11 Jan 2001 10:12:57 -0500 

I guess that sounds like an option.

If you NATing connection in your firewall the 
bind box will see only the firewall IP therefore
it will think it is doing zone transfer.

Greg

-> -----Original Message-----
-> From: Mike Starke [mailto:mstarke@mail.mobl.com]
-> Sent: Wednesday, January 10, 2001 1:18 PM
-> To: plug-discuss@lists.PLUG.phoenix.az.us
-> Subject: Re: Bind errors
-> 
-> 
-> That was my first thought. However, why would my firewall
-> want to do a zone transfer if it is not running Bind
-> at all? 
-> 
-> My next thought was this: Could someone (one of my imfamous
-> engineers) have set up an NT box that is running a nameserver?
-> Could the request be coming from inside?
-> 
-> 
-> Mike
-> 
-> On Wed, Jan 10, 2001 at 12:37:32PM -0700, Eden Li wrote:
->  It sounds like the firewall is trying to do a zone transfer 
-> from the DNS
->  server.  If that is so, make sure the DNS server allows 
-> zone transfers to
->  your firewall by setting the xfernets directive in BIND4 or the
->  allow-transfer substatement in BIND8.  I'm not entirely 
-> sure this is the
->  problem, but it might be a step in the right direction.
->  
->  Eden
->  
->  From: "Mike Starke" <mgcon@neta.com>
->  | Ever since I replaced my Linux firewall with OpenBSD I
->  | have begun receiveing these errors on my name server.
->  |
->  | Jan 10 12:20:05 ns1 named[11699]: unapproved update from
->  | [<my firewall ip>].12471 for <my_domain_name>.com
->  |
->  |
->  | I have checked resolv.conf on both machines, I have ensured
->  | I have reverse mapping for the FW, In short I feel I have
->  | checked everything. This error is getting written to syslog
->  | approx every 3-5 minutes.
->  |
->  | Anyone want to throw me a bone?
->  
->  
->  ________________________________________________
->  See http://PLUG.phoenix.az.us/navigator-mail.shtml if your 
-> mail doesn't post to the list quickly and you use Netscape 
-> to write mail.
->  
->  Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
->  http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-> 
-> -- 
-> V/R
-> Mike Starke
-> mstarke@mobl.com
-> public key "http://www.neta.com/~mgcon/downloads/mstarke_public.txt"
-> 
-> chgrp -R USMC /home/*
-> 
-> 
-> ________________________________________________
-> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your 
-> mail doesn't post to the list quickly and you use Netscape 
-> to write mail.
-> 
-> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
-> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
->