Query Denied bind 9.4

Dean Clapper dclapper at universitycoop.com
Mon Nov 26 18:24:28 UTC 2007


I made the changes in /etc/named.conf.  I created an acl for internal IPs and 
changed

allow-query { any; };
to
allow-query {internals;};

Since that name is my email server, I have to let the outside world query 
only that name?  I don't want everyone to query everything, just the single 
name right?

Thanks,
Dean


On 26 Nov 2007 at 13:12, Alan Clegg wrote:

> Dean Clapper wrote:
> 
> > I turned off allow-query from "any" to just internals.  While I was watching 
> > the message logs I keep on getting the same message from outside 
> > sources.
> 
> Where did you "turn off" queries?  Doing a bit of poking around, I see
> that the system in question is listed as an NS for several things, so
> systems doing queries for its address are not unusual...  Without
> knowing the system on which you are seeing the following "denied", we
> can't tell much.
> 
> > client 212.17.192.45#53: query 'UTC.UNIV-COOP.AUSTIN.TX.US/A/IN' denied
> 
> baremetal 17} dig -x 198.213.6.10
> 
> ; <<>> DiG 9.4.1-P1 <<>> -x 198.213.6.10
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32435
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;10.6.213.198.in-addr.arpa.     IN      PTR
> 
> ;; ANSWER SECTION:
> 10.6.213.198.in-addr.arpa. 86400 IN     PTR utc.univ-coop.austin.tx.us.
> 
> ;; AUTHORITY SECTION:
> 6.213.198.in-addr.arpa. 86399   IN      NS  utc.univ-coop.austin.tx.us.
> 6.213.198.in-addr.arpa. 86399   IN      NS  ns2.ots.utsystem.edu.
> 
> ;; ADDITIONAL SECTION:
> ns2.ots.utsystem.edu.   84035   IN      A       206.77.62.130
> utc.univ-coop.austin.tx.us. 84034 IN    A       198.213.6.10
> 
> ;; Query time: 740 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 26 13:08:05 2007
> ;; MSG SIZE  rcvd: 163
> 
> > 
> > They are trying to query the same name over and over.  However it is 
> > different clients from the outside.  The same machine is also the mail 
> > server.
> 
> > Is the reason this is happening because they are trying to find our domain to 
> > send emails?  However, we are currently getting emails?
> 
> AlanC
> 
> 
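An added example, not a configuration posted in this thread: a named.conf layout for BIND 9.4 that keeps the global allow-query restricted to internal clients while leaving the authoritative zone (the one holding the mail server's name) answerable from anywhere. The acl range 192.0.2.0/24, the zone name example.com and the file paths are placeholders standing in for the poster's real network and zone.

```conf
// Added example for BIND 9.4; not the thread's own named.conf.
// Placeholders: 192.0.2.0/24 and example.com stand in for the real
// internal range and the real authoritative zone.

acl "internals" {
    127.0.0.1;
    192.0.2.0/24;        // placeholder: internal client range
};

options {
    directory "/var/named";

    // Global default: only internal clients may query this server.
    // Outside lookups that are not covered by a zone-level override
    // are logged as "query ... denied".
    allow-query { internals; };

    // Only internal clients may ask this server to recurse for them.
    // In 9.4 the cache has its own allow-query-cache ACL, which
    // defaults to this allow-recursion list when it is not set.
    allow-recursion { internals; };
};

// The authoritative zone overrides the global allow-query, so the rest
// of the Internet can still resolve the mail server's A and MX records
// without being able to use the server as an open recursive resolver.
zone "example.com" {
    type master;
    file "master/example.com.zone";   // placeholder path
    allow-query { any; };
};
```

Run named-checkconf on the file before reloading to catch syntax errors. With this layout, any remaining "query ... denied" log lines from outside addresses are for names outside the zones this server is authoritative for, which is the intended behaviour.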



