On Tue, Apr 13, 2010 at 6:07 PM, Hugh E Cruickshank <hugh at forsoft.com> wrote: > I have found one suspicious entry in /var/log/messages: > > Apr 12 17:34:14 fisds0 named[5210]: client 192.168.2.7#10242: updating > zone 'forsoft.com/IN': deleting an RR > > This would seem to indicate that the printer itself has issued the > request to the DNS server but for the life of me I cannot see what > might be doing it. This means a couple things. First, your zone is configured to allow dynamic DNS updates, which can be okay, but usually you don't want this for a zone containing fixed records. Second, it means that client updates is allowed. This can be bad, and generally when I set up dynamic DNS zones, I only allow updates from the dhcp server (usually the same box, so it's restricted to localhost doing the updating). Essentially your printer is trying to update its record and removing the old one, but not publishing the right one, either through permissions or some other reason. > Has anyone encountered something similar and can point me in the right > direction? How do you have your zones and/or dhcp server configured? Can you sanitize them enough to post them? -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell