Query Denied bind 9.4
Dean Clapper
dclapper at universitycoop.com
Mon Nov 26 18:24:28 UTC 2007
I made the changes in /etc/named.conf. I created an acl for internal IPs and
changed
allow-query { any; };
to
allow-query {internals;};
Since that name is my email server, I have to let the outside world query
only that name? I don't want everyone to query everything, just the single
name right?
thanks
Dean
On 26 Nov 2007 at 13:12, Alan Clegg wrote:
> Dean Clapper wrote:
>
> > I turned off allow-query from "any" to just internals. While I was watching
> > the message logs I keep on getting the same message from outside
> > sources.
>
> Where did you "turn off" queries? Doing a bit of poking around, I see
> that the system in question is listed as an NS for several things, so
> systems doing queries for it's address is not unusual... Without
> knowing the system on which you are seeing the following "denied", we
> can't tell much.
>
> > client 212.17.192.45#53: query 'UTC.UNIV-COOP.AUSTIN.TX.US/A/IN'
> > denied
>
> baremetal 17} dig -x 198.213.6.10
>
> ; <<>> DiG 9.4.1-P1 <<>> -x 198.213.6.10
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32435
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;10.6.213.198.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 10.6.213.198.in-addr.arpa. 86400 IN PTR utc.univ-coop.austin.tx.us.
>
> ;; AUTHORITY SECTION:
> 6.213.198.in-addr.arpa. 86399 IN NS utc.univ-coop.austin.tx.us.
> 6.213.198.in-addr.arpa. 86399 IN NS ns2.ots.utsystem.edu.
>
> ;; ADDITIONAL SECTION:
> ns2.ots.utsystem.edu. 84035 IN A 206.77.62.130
> utc.univ-coop.austin.tx.us. 84034 IN A 198.213.6.10
>
> ;; Query time: 740 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 26 13:08:05 2007
> ;; MSG SIZE rcvd: 163
>
> >
> > They are trying to query the same name over and over. However it is
> > different clients from the outside. The same machine is also the mail
> > server.
>
> > Is the reason this is happening because they are trying to find our domain to
> > send emails? However, we are currently getting emails?
>
> AlanC
>
>
More information about the bind-users
mailing list