OK, here is what I have done. I have blocked access to the nameserver
from my fw outside int. Therefore, anything coming from the outside
ip of my fw is not allowed to access the nameserver(s). Transfers
have already been restricted to just the master/slaves.

I beleive the last guy might have been on to something: My
assistant rolled out a couple of Win2K boxes. There was a check
box that statess "Register this connections address in DNS".

Without tailing some logs at the moment, it sounds like
this might be my culprit.  Does anyone aggree?

Mike
mgcon@getnet.com
http://www.getnet.com/~mgcon
Phoenix, AZ
USA

On Thu, 11 Jan 2001, Eden Li wrote:

> Actually, unless NAT is configured to do so.. the source IP address should
> stay the same, so any outside IPs should be logged as trying to do zone
> transfers.  Besides, zone transfers should only occur between primary and
> secondary DNS servers, it should not be a re-occuring thing as Mike is
> experiencing.
> 
> From: "Furmanek, Greg" <Grzegorz.Furmanek@asu.edu>
> | I guess that sounds like an option.
> |
> | If you NATing connection in your firewall the
> | bind box will see only the firewall IP therefore
> | it will think it is doing zone transfer.
> 
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>