client query logging (refused message)

asdlkf at gmail.com asdlkf at gmail.com
Fri Feb 20 00:22:15 UTC 2009


62.109.4.89 and 195.68.176.4 are compromised/attackers

See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html

Sample log entries:
Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
Frequency: 40 to 90 queries from those hosts per minute.

-- Chris



On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 <Jinmei_Tat... at isc.org>
wrote:
> At Tue, 17 Feb 2009 08:15:39 -0500,
>
> Matthew Huff <mh... at ox.com> wrote:
> > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> > ...
>
> > logged, and I have verified that the query is refused, but nothing in the
> > log shows that it was refused. Is there any way to log the success/failure of
> > the queries?
>
> Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> will provide a new logging category that can log the information you
> seem to want:
>
> 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
> _______________________________________________
> bind-users mailing list
> bind-us... at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
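
A per-minute counter for the `denied` lines quoted in this thread, as an added example that is not part of the original messages. The threshold of 40 is taken from the frequency reported above; the sample lines, including the 192.0.2.10 client and the function names, are constructed for illustration.

```python
import re
from collections import Counter

# Syslog-format named line as quoted in this thread (rejoined onto one line).
DENIED = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s+query\s+\(cache\)\s+"
    r"'(?P<query>[^']*)'\s+denied"
)

def denied_per_minute(lines, query="./NS/IN"):
    """Count denied cache queries for `query` per (client, minute)."""
    counts = Counter()
    for line in lines:
        m = DENIED.match(line)
        if m and m["query"] == query:
            counts[(m["ip"], m["minute"])] += 1
    return counts

def noisy_clients(lines, threshold=40):
    """Map each client to its busiest minute, keeping those >= threshold."""
    peaks = {}
    for (ip, _minute), n in denied_per_minute(lines).items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return {ip: n for ip, n in peaks.items() if n >= threshold}

def build_sample():
    """Constructed log lines modelled on the two entries in the post."""
    fmt = ("Feb 19 08:{m:02d}:{s:02d} asdlkf named[6459]: "
           "client {ip}#{port}: query (cache) '{q}' denied")
    lines = [fmt.format(m=24, s=s, ip="62.109.4.89", port=32000 + s, q="./NS/IN")
             for s in range(45)]
    lines += [fmt.format(m=25, s=s, ip="62.109.4.89", port=33000 + s, q="./NS/IN")
              for s in range(10)]
    lines += [fmt.format(m=24, s=s, ip="192.0.2.10", port=40000 + s, q="./NS/IN")
              for s in range(3)]
    # Lines that must not be counted: a different query, and a non-query message.
    lines.append(fmt.format(m=24, s=59, ip="62.109.4.89", port=1234, q="example.com/A/IN"))
    lines.append("Feb 19 08:24:30 asdlkf named[6459]: zone example.com/IN: loaded serial 1")
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(noisy_clients(build_sample()).items()):
        print(f"{ip}: {peak} denied ./NS/IN queries in its busiest minute")
```

The pattern expects each log entry on a single line, so entries wrapped by a mail client need rejoining before they are fed in.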



