Where do recursion denied messages go?
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Apr 26 13:17:10 UTC 2006
Eivind Olsen <eivind at aminor.no> wrote:
>Hello.
>
>Where do "recursion denied" messages go? I have a server running BIND
>9.3.1, and I'd like to see which queries it denies (I'm using
>"allow-recursion" to allow just some networks to use it recursively).
>
>I have tried to provoke generation fo such messages by doing recursive
>queries from an external network, but nothing is shown in the logs. What
>logs? BIND has not been configured to use any special logging settings,
>so it uses whatever the default is. OS = Solaris 5.8. I see some
>"named"-messages in /var/adm/messages but nothing related to recursion
>being denied anyone.
>
>Do I need to tweak the logging to get what I want? If so, which category
>and severity level am I looking for?
In my BIND 9.2.2 (Solaris 9) I see in the syslog:
named[183]: [ID 873579 daemon.info] client 24.15.141.154#65366:
query (cache) denied
This is after I added
allow-query { recursive-clients; arm_sites; };
to the global "options" and added
allow-query { any; };
to each "zone" definition (per a recent post by Mark Andrews). I
believe that I have no special logging enabled or disabled.
On a related topic, I would like to see this message expanded to include
the query that has been denied. Currently, the only way I have to see
what is denied is to find the IP addresses with the largest number of
"query (cache) denied" messages, run a snoop trace, and determine what
they are querying. In the process I found two zones that I should have
slaved on my server but I had not. If the syslog message contained
the query, I could more easily determine if I am missing any other
zone definitions. I have begun to look at the code, but I am not
familiar with the details of where the query is stored, so I have not
yet determined if the query is easily accessible at the time the
message is written.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list