To: Bruce Campbell <bruce.campbell@ripe.net>
CC: Kevin Darcy <kcd@daimlerchrysler.com>, dns op wg <dnsop@cafax.se>
From: Simon Coffey <sicoffey@yahoo.com>
Date: Tue, 29 Jan 2002 16:46:10 +0000
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.8+) Gecko/20020128
Subject: Re: spurious updates
On Mon, 28 Jan 2002, Kevin Darcy wrote:
Randy Bush wrote:
so why are all these spurious updates in my logs? many hundreds a day.
28-Jan-2002 17:41:57.765 security: error: client 63.196.106.137#27584: update 'psg.com/IN' denied
Windows 2000. Don't ask me where they get the domain names from;
sometimes I think they just make them up at random. I get update
attempts for domains we haven't used in years. Reverse domains too.
Windows 2000 and (recent) friends will attempt to perform a dynamic update
for both the domain _that the local administrator has configured_ and also
for _the IP address that it has been assigned_.
In Randy's case, it's one of:
*) lots of people like 'psg.com' (hence, lots of attempted updates).
or
*) Their default search is '.com', and lots of people like 'psg'.
( Haven't seen this myself )
or
*) The logs are incorrect in recording an update attempt for
'psg.com' and are actually recording an update attempt sent
to a psg.com machine as it is a listed nameserver for a domain
that the local administrator has configured. ( Actually they
try to contact the machine in the MNAME field of the SOA record )
or
*) Something flakey (where they start off by trying to update a
domain that something.psg.com is a listed secondary for, but
end up attempting to update the 'psg.com' itself).
Note that Microsoft has some conditionals in the code to prevent them from
attempting to send dynamic updates to 'known' root servers.
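
Added example, not part of the original message: a small Python summary of denied dynamic-update log lines, counting attempts and distinct clients per zone so that many unrelated clients can be told apart from one repeating host, and forward zones from reverse ones. It assumes the exact layout of the log line quoted in the thread; the function names and all sample lines after the first are constructed.

```python
import re
from collections import Counter, defaultdict

# Layout of the single log line quoted in the thread; other BIND versions
# may add fields (assumption: only this layout is handled).
DENIED = re.compile(
    r"^\S+ \S+ security: error: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"update '(?P<zone>[^']+)/(?P<cls>[A-Za-z]+)' denied$"
)

# First line is from the thread; the rest are constructed for illustration.
SAMPLE = [
    "28-Jan-2002 17:41:57.765 security: error: client 63.196.106.137#27584: update 'psg.com/IN' denied",
    "28-Jan-2002 17:42:03.101 security: error: client 192.0.2.10#1045: update 'psg.com/IN' denied",
    "28-Jan-2002 17:42:09.530 security: error: client 192.0.2.10#1046: update '2.0.192.in-addr.arpa/IN' denied",
    "28-Jan-2002 17:43:11.004 security: error: client 198.51.100.7#3310: update 'PSG.COM/IN' denied",
    "28-Jan-2002 17:43:12.000 general: info: zone example.com/IN: loaded serial 2002012801",
]

def parse_denied(line):
    """Return (client_ip, zone, kind) for a denied-update line, else None."""
    m = DENIED.match(line.strip())
    if m is None:
        return None
    # Normalise case and trailing dot so 'PSG.COM.' and 'psg.com' count together.
    zone = m["zone"].rstrip(".").lower() or "."
    reverse = zone.endswith((".in-addr.arpa", ".ip6.arpa"))
    return m["ip"], zone, "reverse" if reverse else "forward"

def summarize(lines):
    """Count denied updates per zone and the distinct clients behind each."""
    attempts, kinds, clients, skipped = Counter(), Counter(), defaultdict(set), 0
    for line in lines:
        rec = parse_denied(line)
        if rec is None:
            skipped += 1  # not a denied-update line in the assumed layout
            continue
        ip, zone, kind = rec
        attempts[zone] += 1
        kinds[kind] += 1
        clients[zone].add(ip)
    return {
        "attempts": dict(attempts),
        "distinct_clients": {z: len(s) for z, s in clients.items()},
        "kinds": dict(kinds),
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```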