It sounds like the firewall is trying to do a zone transfer from the DNS
server.  If that is so, make sure the DNS server allows zone transfers to
your firewall by setting the xfernets directive in BIND4 or the
allow-transfer substatement in BIND8.  I'm not entirely sure this is the
problem, but it might be a step in the right direction.

Eden

From: "Mike Starke" <mgcon@neta.com>
| Ever since I replaced my Linux firewall with OpenBSD I
| have begun receiveing these errors on my name server.
|
| Jan 10 12:20:05 ns1 named[11699]: unapproved update from
| [<my firewall ip>].12471 for <my_domain_name>.com
|
|
| I have checked resolv.conf on both machines, I have ensured
| I have reverse mapping for the FW, In short I feel I have
| checked everything. This error is getting written to syslog
| approx every 3-5 minutes.
|
| Anyone want to throw me a bone?