On Tue, Apr 13, 2010 at 6:07 PM, Hugh E Cruickshank hugh@forsoft.com wrote:
> I have found one suspicious entry in /var/log/messages:
>
> Apr 12 17:34:14 fisds0 named[5210]: client 192.168.2.7#10242: updating zone 'forsoft.com/IN': deleting an RR
>
> This would seem to indicate that the printer itself has issued the request to the DNS server but for the life of me I cannot see what might be doing it.

This means a couple things. First, your zone is configured to allow dynamic DNS updates, which can be okay, but usually you don't want this for a zone containing fixed records.
Second, it means that client updates are allowed. This can be bad, and generally when I set up dynamic DNS zones, I only allow updates from the DHCP server (usually the same box, so it's restricted to localhost doing the updating).
Essentially your printer is trying to update its record and removing the old one, but not publishing the right one, either through permissions or some other reason.

> Has anyone encountered something similar and can point me in the right direction?

How do you have your zones and/or DHCP server configured? Can you sanitize them enough to post them?
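
A log check along the lines of the reply above, as an added example that is not part of the original thread: it scans named's syslog output for dynamic updates and reports any that come from a client outside the allowed updaters. The localhost-only allowlist, the function name and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the dynamic-update line format quoted in the thread; tolerates
# optional text after the port and an optional "view NAME:" prefix.
UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f:.]+)#\d+[^:]*: "
    r"(?:view \S+: )?updating zone '(?P<zone>[^']+)': (?P<action>.+)$"
)

# Assumption: only the DHCP server, running on the DNS host itself, may update.
ALLOWED_UPDATERS = [
    ipaddress.ip_network("127.0.0.1/32"),
    ipaddress.ip_network("::1/128"),
]

# First line is the entry from the thread; the rest are constructed samples.
SAMPLE = """\
Apr 12 17:34:14 fisds0 named[5210]: client 192.168.2.7#10242: updating zone 'forsoft.com/IN': deleting an RR
Apr 12 17:39:51 fisds0 named[5210]: client 192.168.2.7#10250: updating zone 'forsoft.com/IN': deleting an RR
Apr 12 17:40:02 fisds0 named[5210]: client 127.0.0.1#32781: updating zone 'forsoft.com/IN': adding an RR at 'pc12.forsoft.com' A
Apr 12 17:41:10 fisds0 named[5210]: zone forsoft.com/IN: sending notifies (serial 2010041201)
""".splitlines()


def unexpected_updates(lines, allowed=ALLOWED_UPDATERS):
    """Return {(client_ip, zone): [actions]} for updates from non-allowed clients."""
    findings = defaultdict(list)
    for line in lines:
        m = UPDATE_RE.search(line)
        if not m:
            continue  # not a dynamic-update log line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # address field did not parse; skip rather than guess
        if any(ip in net for net in allowed):
            continue  # update came from an expected source
        findings[(str(ip), m.group("zone"))].append(m.group("action").strip())
    return dict(findings)


if __name__ == "__main__":
    for (client, zone), actions in unexpected_updates(SAMPLE).items():
        print(f"{client} updated {zone} {len(actions)} time(s): {sorted(set(actions))}")
```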