Is this a hack attempt?


SergioC
11-27-06, 06:16 AM
Hi all,
once again asking for your knowledge...

I am receiving these messages from my firewall:

Nov 27 08:32:48 dominios named[31213]: client 200.49.169.218#60762: updating zone 'grupoti.com/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)

But the IP 200.49.169.218 has no rights to modify the ZONE of any of my accounts, so my question is, is this an attempt to hack one of the domains in my server?

Your input, as always, is appreciated.

Regards.

WSHosting
11-27-06, 06:20 PM
Most probably, yes.

Regards,
WSHosting

MattGe
11-28-06, 05:38 AM
WSHosting is right. Most likely you have been cracked.

SergioC
11-28-06, 05:49 AM
I discovered that the IP that is trying to modify the ZONE is my customer's own IP. Could it be that his router is doing this? I assume it is, because yesterday I got a lot of messages about this, but they ended when they closed the office. So, my question now is, could a router do this?

Anyway, the firewall is working just fine, stopping any attempt to modify the zone.

SergioC
12-03-06, 08:56 AM
UPDATE

Finally, thanks to the help of Jonathan at Configserver, I learned what happened. It is not a hack attempt nor even close to that. I was almost right about what it was: the customer has a router that was configured to point to my server, and that is why it was attempting to enter into port 53, so I configured my CSF firewall and fixed the error.

Thanks to all that replied to this post.

Regards.

kyledylanconner
12-30-07, 09:25 PM
Dang...things were getting exciting too when you said it may be a hack. heh.

liammc1
01-03-08, 01:18 PM
I advise you to use CSF or APBF

kromaser
02-21-09, 06:33 PM
Your input, as always, is appreciated.

rackaid
05-12-09, 07:51 AM
UPDATE

It is not a hack attempt nor even close to that, I was almost right about what it was, the customer has a router that was configured to point to my server and that is why it was attempting to enter into port 53, so I configured my CSF firewall and fixed the error.


Regards.

I see this pretty commonly with some clients that have on-premise equipment. They erroneously point their internal systems at their server and enable things like dynamic DNS.
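
Added example, not part of any post in this thread: a small triage script that groups the `named` "update failed" messages quoted in the first post by client IP and zone, and records the hours of day at which they occur, which is the clue (activity stopping when the office closed) that pointed to the customer's own equipment. Only the first sample line comes from the thread; the other lines, the 08:00-18:00 office window and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the named "update failed" message format quoted in the first post.
UPDATE_FAILED = re.compile(
    r"^\w{3}\s+\d{1,2}\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+named\[\d+\]:\s+"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: updating zone '(?P<zone>[^'/]+)/IN': "
    r"update failed: .*\((?P<rcode>[A-Z]+)\)\s*$"
)

_TAIL = ("update failed: 'RRset exists (value dependent)' "
         "prerequisite not satisfied (NXRRSET)")

# First line is the one from the thread; the rest are constructed samples.
SAMPLE = [
    "Nov 27 08:32:48 dominios named[31213]: client 200.49.169.218#60762: "
    "updating zone 'grupoti.com/IN': " + _TAIL,
    "Nov 27 11:05:10 dominios named[31213]: client 200.49.169.218#60901: "
    "updating zone 'grupoti.com/IN': " + _TAIL,
    "Nov 27 16:47:02 dominios named[31213]: client 200.49.169.218#61022: "
    "updating zone 'grupoti.com/IN': " + _TAIL,
    "Nov 28 03:12:09 dominios named[31213]: client 192.0.2.55#40111: "
    "updating zone 'example.org/IN': " + _TAIL,
    "Nov 28 03:12:10 dominios crond[412]: constructed unrelated line",
]

def summarize(lines):
    """Group failed dynamic-update attempts by (client IP, zone)."""
    stats = defaultdict(lambda: {"count": 0, "hours": set(), "rcodes": set()})
    for line in lines:
        m = UPDATE_FAILED.match(line)
        if m is None:
            continue  # not a failed-update message in the quoted format
        entry = stats[(m["ip"], m["zone"])]
        entry["count"] += 1
        entry["hours"].add(int(m["hour"]))
        entry["rcodes"].add(m["rcode"])
    return dict(stats)

def office_hours_only(entry, start=8, end=18):
    """True if every attempt fell in [start, end); the window is an assumption."""
    return all(start <= h < end for h in entry["hours"])

if __name__ == "__main__":
    for (ip, zone), e in sorted(summarize(SAMPLE).items()):
        print(ip, zone, e["count"], sorted(e["hours"]), sorted(e["rcodes"]),
              "office-hours-only" if office_hours_only(e) else "includes off-hours")
```

A single known customer address, one zone, and activity confined to working hours fits the misconfigured-equipment explanation reached in the thread; the summary narrows the question but does not replace checking the device itself.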