<HTML>
<HEAD>
<TITLE>Bind9, repeated log message: update failed, prerequisite not satisfied (NXRRSET)</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Hello,<BR>
<BR>
I am looking into repeated log entries that look like this:<BR>
<BR>
Nov 20 07:08:15 server named[12345]: client 71.193.78.56#1635: updating zo<BR>
ne 'somecompany.net/IN': update failed: 'RRset exists (value dependent)' prereq<BR>
uisite not satisfied (NXRRSET)<BR>
Nov 20 07:08:15 server named[12345]: Nov 20 07:08:15.201security: error: c<BR>
lient 71.193.78.56#1638: update 'somecompany.net/IN' denied<BR>
<BR>
This Bind 9 implementation is authoritative for a dozen or so zones, but these entries are being repeatedly logged for only three of them. I have seen reference on other mailing lists that this may be expected behavior and could be windows clients trying to perform dyamic updates this Bind server. Unless these clients were allowed to perform updates by adding them to the allow-update parameter of the zone entry in named.conf, the message is normal as these clients should not be able to update your zone files.<BR>
<BR>
The zone entry in named.conf looks like this:<BR>
<BR>
zone "somecompany.net" {<BR>
type master;<BR>
notify yes;<BR>
file "db.somecompany.net";<BR>
allow-update { none; };<BR>
<BR>
Any thoughts on whether I should be concerned about this? And if so, what prerequisite is not being met? I have read rfc2136.txt but I wasn’t able to make a lot of sense of it.<BR>
<BR>
Thanks,<BR>
</SPAN></FONT>
</BODY>
</HTML>