client query logging (refused message)
Mark Andrews
Mark_Andrews at isc.org
Mon Feb 23 22:11:20 UTC 2009
In message <b8cf98c8-86d0-42df-95a4-e98a65caba94 at i15g2000pro.googlegroups.com>,
asdlkf at gmail.com writes:
> 62.109.4.89 and 195.68.176.4 are compromized/attackers
Actually they are more likely to be under attack.
Make sure that you (and your ISP) have deployed the measures
in BCP 38 to ensure that you are not the source of such a
attack.
Mark
> See my post here:http://www.linuxforums.org/forum/redhat-fedora-linux-
> help/140848-var-log-messages-question.html
>
> Sample log entries:
> Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query
> (cache) './NS/IN' denied
> Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query
> (cache) './NS/IN' denied
> Frequency: 40 to 90 queries from those hosts per minute.
>
> -- Chris
>
>
>
> On Feb 17, 2:19 pm, JINMEI Tatuya / �$B?@L at C#:H�(B <Jinmei_Tat... at isc.org>
> wrote:
> > At Tue, 17 Feb 2009 08:15:39 -0500,
> >
> > Matthew Huff <mh... at ox.com> wrote:
> > > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view
> > > external-in: query: . IN NS +
> > > ...
> >
> > > logged, and I have verified that the query is refused, but nothing in the
> > > log shows that it was refused. Is there anyway to log the success/failure
> of
> > > the queries?
> >
> > Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> > will provide a new logging category that can log the information you
> > seem to want:
> >
> > 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED)
> for ./IN/NS at query.c:3887
> >
> > ---
> > JINMEI, Tatuya
> > Internet Systems Consortium, Inc.
> > _______________________________________________
> > bind-users mailing list
> > bind-us... at lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list