Hi All,

I have had this constantly in my logs for a few days now and cannot seem to figure out what it is.

Aug 29 11:52:42 gkwebworx1 named[354]: denied update from [xxx.xx.xx.xxx].1243 for "domain.com"

with my comments-
Aug 29 11:52:42 gkwebworx1 named[354]: denied update from [xxx.xx.xx.xxx(this actually has an IP adress here and is always the same)].1243(<-- this number constantly changes.) for "domain.com"(<-----always the same domain.....)

This is showing in my logs every 2-3 seconds or less. In the last 45 minutes it has shown over 1000 times......

I know who the IP is, and it is actually the owner of the domain. They have no idea so I can only assume it is some form of virus or something at their end. Does anyone have any ideas???? Please!!!!!

Grant

From what I know the NAMED server is the DNS server and for some reason it could be that something somewhere is trying to update your DNS but failed.

Is the owner of that domain your customer or some other 3rd party sites ?

Incidentally, here is a posting at the Cobalt Forum about the same issue you are facing.

http://list.cobalt.com/pipermail/cobalt-users/2001-December/061170.html

Check that and the subsequent follow ups.

Hope that helps.

Yes,
This is actually one of my customers, not a 3rd party.

Don't understand why their server would be trying to update the DNS on the box though.

I have quite a few customers on here, and this has only just started recently and only with 1 customer.

I will do a bit more checking...

Any other help would be appreciated.

Grant

Check your DNS Server Parameters for that domain name. I think the good place would be to check the SOA for that domain name and see if anything does not seems right.