Hello, I have a message that has been showing up in my master DNS server's log over the past few weeks and I am wondering if I can find more verbose specifics from debugging messages in BIND somehow.
The messsage looks like this: May 16 10:52:16 dns01 named[2591]: 16-May-2016 10:52:16.844 update-security: error: client 10.20.0.101#34148: update 'my.domain/IN' denied The frequency of the messages is sporadic. Sometime two or three time in an hour, sometimes once each hour, sometimes 2-3 hours go by before I see one, but I get multiple a day. I take it that this means that for some reason the slave is trying to update the master with some entry, even though I haven't explicitly set up my slave server to be capable of doing so (that I know of). I intended to have the slaves only receive changes coming down from the master but not to try pushing changes up. Here is the zone block for the domain in question in the master and slave servers' /etc/named.conf: Master (10.20.0.110): zone "my.domain" in { type master; file "db.my.domain"; allow-transfer { 10.20.0.100/32; 10.20.0.101/32; }; allow-update { key "xcat_key"; }; notify yes; also-notify {10.20.0.100; 10.20.0.101;}; }; Slave #2 (10.20.0.101): zone "my.domain" in { type slave; file "slaves/db.my.domain"; masters {10.20.0.110;}; }; There are no complaints about Slave #1 in the master's log, though it is basically a clone of Slave #2. They provide name resolution for a compute cluster and the cluster nodes point to both of them in their resolv.conf but in alternating order for load balancing purposes. Is there a way that I can get more detail of what specifically the DNS slave server is trying to update the master with (maybe via more verbose output on the slave itself)? Master BIND version: BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 Slave BIND version: BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 Thanks, Josh
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users