How to Disable Logging of Unauthorized Updates on BIND 8.x Servers (240909)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q240909

SUMMARY

If you are running a BIND 8.x server that is not configured to allow updates, numerous error messages may be logged and the disk may possibly run out of space. To avoid filling up the BIND 8.x server log file with error messages, you may want to disable the logging of unauthorized update attempts from Windows 2000 clients.

MORE INFORMATION

BIND 8.x allows administrators to define a channel that associates output methods, format options, and severity levels with a name that can then be used with the Category statement to define how different classes of messages are logged. To avoid having unauthorized updates filling up the log file, an administrator can edit the "/etc/named.conf" BIND configuration file and set the severity level higher for the Security category so that these error messages are not logged, as follows: 
logging {
     channel sec_warning
     {
          syslog daemon;
          severity warning;
          print-category no;
          print-severity no;
          print-time yes;
     };
category security { sec_warning; };
};
Type the following line to reload the configuration file and cause the changes to take effect:

kill -HUP 'cat /etc/named.pid'

Modification Type:MajorLast Reviewed:11/13/2003
Keywords:kbenv kbinfo KB240909
©2003 Microsoft Corporation. All rights reserved.