Guys (Just read back through this thread, I've been away)
They're *updates*, not zone transfer attempts. That almost certainly indicates someone who has (for some reason) setup a Windows server, is running DNS on it, and has the 'target' domain setup on there also. The dumb server is then attempting to auto-update the master DNS server with dynamic updates. You'll see it more and more often as time goes by. Ignore it, or alternatively simply setup a logging category for updates to channel "null". Read the BIND documentation or refer to the O'Reilly "DNS and BIND" book for details on how to do it. In almost all cases, it's easier to understand the cause rather than try to build a big firewall ruleset to prevent it happening! Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
