Bind errors

[Mike Starke]

I am going to run with the Win2K theory right now,
only because everything else checks out OK and
it makes the most sense.

By the end of today, we will have had a chance to get
to any Win2K boxes and check their settings.

I'll keep everyone posted if they are interested.

Mike
mgcon@getnet.com
http://www.getnet.com/~mgcon
Phoenix, AZ
USA

On Thu, 11 Jan 2001, Gary Nichols wrote:

> I'll bet you a 6" stuffed Tux penguin that it was indeed those Win2k boxen.
> (I had this exact same scenerio happen to me when I was beta-testing win2k
> pro a year or so ago).
> 
>  ============================================
>  Gary Nichols              gary@neoplanet.com
>  Network Operations Mgr        NeoPlanet,Inc.
>  RHCE #806200886701949      www.neoplanet.com
>  --------------------------------------------
> 
> 
> -----Original Message-----
> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Mike
> Starke
> Sent: Thursday, January 11, 2001 10:51 AM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: Bind errors
> 
> 
> OK, here is what I have done. I have blocked access to the nameserver
> from my fw outside int. Therefore, anything coming from the outside
> ip of my fw is not allowed to access the nameserver(s). Transfers
> have already been restricted to just the master/slaves.
> 
> I beleive the last guy might have been on to something: My
> assistant rolled out a couple of Win2K boxes. There was a check
> box that statess "Register this connections address in DNS".
> 
> Without tailing some logs at the moment, it sounds like
> this might be my culprit.  Does anyone aggree?
> 
> Mike
> mgcon@getnet.com
> http://www.getnet.com/~mgcon
> Phoenix, AZ
> USA
> 
> On Thu, 11 Jan 2001, Eden Li wrote:
> 
> > Actually, unless NAT is configured to do so.. the source IP address should
> > stay the same, so any outside IPs should be logged as trying to do zone
> > transfers.  Besides, zone transfers should only occur between primary and
> > secondary DNS servers, it should not be a re-occuring thing as Mike is
> > experiencing.
> >
> > From: "Furmanek, Greg" <Grzegorz.Furmanek@asu.edu>
> > | I guess that sounds like an option.
> > |
> > | If you NATing connection in your firewall the
> > | bind box will see only the firewall IP therefore
> > | it will think it is doing zone transfer.
> >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> post to the list quickly and you use Netscape to write mail.
> >
> > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> 
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
> to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>