Has anyone been seeing this sort of traffic on your BIND 8 servers? This morning, my BIND 8.1.1 started logging this repeatedly:

    security: notice: unapproved update from [xx.yy.zz.5].1116 for fox7.com

We host the web site for fox7.com, a TV station in Austin, TX. I looked up the address at arin.net, and found that it belonged to an ISP in Plano, TX. I also checked out the host at that IP, and it is running IIS 5.0 according to the HTTP response headers, as well as FTP, and it claims to be Windows NT when I log in anonymously. It's also listening on 53/tcp and udp.

I called the ISP that ARIN associated with the IP address, and the fellow there tells me that, in fact, Fox7 the TV station is a new customer of his. He's checking whether they were assigned the IP address in question and will get back to me. But this all begins to make sense now, sort of.

Does anybody know if some version of NT tries to do dynamic DNS updates (Win2000 perhaps)? What I am thinking is, if Fox7 set up this NT system with the DNS domain fox7.com, is it recursing to the root servers to find the authoritative NS for fox7.com, and attempting to update my nameserver with its IP address (or the IPs of its clients, even)? My nameserver doesn't allow this operation to succeed, of course, but I am wondering if anyone else has seen this behavior before.

---
UNIX Team - The difference between theory and practice is often greater in practice than in theory.
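One way to tally these refusals per source and zone from a name server log, as an added example that is not part of the original post. Only the `unapproved update from [ip].port for zone` portion of each line comes from the message above; the syslog prefix, timestamps, addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log. The prefix (timestamp, host, named[pid]) is assumed;
# the addresses are documentation-range placeholders, not the masked one in the post.
SAMPLE_LOG = """\
Mar 14 08:01:12 ns1 named[212]: security: notice: unapproved update from [192.0.2.5].1116 for fox7.com
Mar 14 08:01:42 ns1 named[212]: security: notice: unapproved update from [192.0.2.5].1117 for fox7.com
Mar 14 08:02:12 ns1 named[212]: security: notice: unapproved update from [192.0.2.5].1119 for FOX7.com.
Mar 14 08:05:00 ns1 named[212]: security: notice: unapproved update from [198.51.100.9].2044 for example.org
Mar 14 08:06:00 ns1 named[212]: Cleaned cache of 12 RRs
"""

# Matches the message format quoted in the post. The address is taken as
# "anything inside the brackets" so masked values such as xx.yy.zz.5 still parse.
UPDATE_RE = re.compile(
    r"unapproved update from \[(?P<ip>[^\]]+)\]\.(?P<port>\d+) for (?P<zone>\S+)"
)


def parse_unapproved_updates(text):
    """Return a list of (source_ip, source_port, zone) for each refused update."""
    events = []
    for line in text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            # DNS names are case-insensitive and may carry a trailing root dot.
            zone = m.group("zone").rstrip(".").lower()
            events.append((m.group("ip"), int(m.group("port")), zone))
    return events


def repeat_senders(events, threshold=3):
    """Return {(source_ip, zone): count} for pairs seen at least `threshold` times.

    The source port is ignored on purpose: a client retrying its registration
    uses a new ephemeral port each time, as in the sample above.
    """
    counts = Counter((ip, zone) for ip, _port, zone in events)
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = repeat_senders(parse_unapproved_updates(SAMPLE_LOG))
    for (ip, zone), n in sorted(found.items()):
        print(f"{ip}: {n} refused update attempts for {zone}")
```

A single host repeatedly trying to update the zone that matches its own configured DNS domain, as the post suspects, shows up here as one (source, zone) pair with a steadily growing count.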
