logging un-authorized zone transfers
naegele at SHE.DE
naegele at SHE.DE
Mon Jun 14 20:30:05 UTC 1999
Lance Spitzner <lspitz at enteract.com> wrote:
: How do I log all un-successful (un-authorized)
: zone transfers?
: This is the logging I currently have, which
: only logs successfull transfers. How do I
: log all unsuccessful (un-authorized)
: transfers?
look in your syslog (/var/log/messages) for something like:
Jun 10 07:57:06 ns.she.de named[30394]: unapproved AXFR from [194.122.214.66].1542 for "90.98.193.in-addr.arpa" (not auth)
An authorized transfer should logged by syslog with "approved AXFR from ..."
I have an entry like
*.info /var/log/messages
in my /etc/syslog.conf and no special logging activated in the named.conf
: --- /etc/named.conf ---
: logging {
: channel bind_xfers { // - "Log all zone transfers
: file "/var/adm/bind_xferlog";
: severity info;
: };
: category xfer-in { bind_xfers; };
: category xfer-out { bind_xfers; };
: --- snip snip ---
: Thanks!
Ralf
: Lance Spitzner
: http://www.enteract.com/~lspitz
: Internetworking & Security Engineer
: Dimension Enterprises Inc
More information about the bind-users
mailing list