'DENTS: Logging dynamic update requests (fwd)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dents-list
Subject:    DENTS: Logging dynamic update requests (fwd)
From:       Todd Graham Lewis <tlewis () mindspring ! net>
Date:       1999-08-17 23:30:57
[Download RAW message or body]

FYI.  Not that we do logging, or even support dynamic updates, but it's
something to keep in mind, in terms of what's configurable.

--
Todd Graham Lewis                        Postmaster, MindSpring Enterprises
tlewis@mindspring.net                                (800) 719-4664, x22804

      "Do not squander time.  That is the stuff that life is made of."

---------- Forwarded message ----------
Date: Tue, 17 Aug 1999 11:19:39 -0700
From: "Levon Esibov (Exchange)" <levone@Exchange.Microsoft.com>
To: "'bind-workers@isc.org'" <bind-workers@isc.org>
Subject: Logging dynamic update requests

Hi,

I would like to bring to your attention the following issue.
If a DNS server is configured to log events when unauthorized dynamic
updates are attempted, the log file may quickly grow in size alarming the
administrator and taking up the disk space. This problem will be seen more
often with deployment of the clients attempting dynamic DNS registration.
We already have seen an example of this problem: A user installed a Domain
Controller for the Active Directory Domain called WIN2KTEST.FI and chose
(contrary to our guidelines) to use the Internet DNS server. The domain
controller sent dynamic updates to the Internet DNS server authoritative for
the TLD "FI". The DNS server was not configured to allow dynamic updates and
logged an event that a specific computer attempted registration.
This problem is not specific for the Domain Controllers or for computers
running Windows 2000, but could be caused by any client attempting dynamic
DNS registration on a DNS server authoritative for its name, if the server
is not configured to allow the dynamic update (in general or from this
client specifically). As time goes on we will inevitably see an increase in
the number of Internet clients attempting dynamic DNS registration.
Said this, I'd like to ask whether it is possible to turn off logging of the
dynamic update requests on BIND servers? It also may make sense to have the
logging of unauthorized dynamic updates off by default.

Thanks.
Levon Esibov
Program Manager
Microsoft

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic