That was my first thought. However, why would my firewall
want to do a zone transfer if it is not running Bind
at all? 

My next thought was this: Could someone (one of my imfamous
engineers) have set up an NT box that is running a nameserver?
Could the request be coming from inside?


Mike

On Wed, Jan 10, 2001 at 12:37:32PM -0700, Eden Li wrote:
 It sounds like the firewall is trying to do a zone transfer from the DNS
 server.  If that is so, make sure the DNS server allows zone transfers to
 your firewall by setting the xfernets directive in BIND4 or the
 allow-transfer substatement in BIND8.  I'm not entirely sure this is the
 problem, but it might be a step in the right direction.
 
 Eden
 
 From: "Mike Starke" <mgcon@neta.com>
 | Ever since I replaced my Linux firewall with OpenBSD I
 | have begun receiveing these errors on my name server.
 |
 | Jan 10 12:20:05 ns1 named[11699]: unapproved update from
 | [<my firewall ip>].12471 for <my_domain_name>.com
 |
 |
 | I have checked resolv.conf on both machines, I have ensured
 | I have reverse mapping for the FW, In short I feel I have
 | checked everything. This error is getting written to syslog
 | approx every 3-5 minutes.
 |
 | Anyone want to throw me a bone?
 
 
 ________________________________________________
 See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
 
 Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
 http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
V/R
Mike Starke
mstarke@mobl.com
public key "http://www.neta.com/~mgcon/downloads/mstarke_public.txt"

chgrp -R USMC /home/*