Plethora of logged messages started up
Robert Gahl
bgahl at bawcsa.org
Thu Dec 20 00:15:45 UTC 2001
At 06:47 PM 12/19/2001 -0500, Kevin Darcy wrote:
>It's probably just a change in the logging level. If you want to see exactly
>what queries are being denied, one way to see that is to lift your allow-query
>ACL temporarily and look at the query log. If you're paranoid, you could set
>an allow-recursion ACL while you're doing that just to make sure nobody is
>poisoning your cache or perpetrating a denial-of-service attack on your
>server.
Thanks for the help, Kevin. I'm not too paranoid, so I removed the
allow-query ACL below in the slave:
> > >options {
> > >    directory "/etc/dns";
> > >    pid-file "/var/log/named.pid";
> > >    listen-on { 127.0.0.1; 63.146.119.75; };
> > >    query-source address * port 53;
> > >    // allow-query {
> > >    //     trusted;
> > >    // };
> > >    allow-transfer {
> > >        none;
> > >    };
> > >    blackhole {
> > >        bogon;
> > >    };
> > >};
There are no messages at all now (which I pretty much expect). However,
here's the odd part. I thought the following information overrode the
overall ACL:
> > > // Fireclick hardware (official master)
> > > zone "fireclick.com" {
> > >     type master;
> > >     file "primary/zone.fireclick.com";
> > >     allow-query {
> > >         any;
> > >     };
> > >     allow-transfer {
> > >         localhost;
> > >         fireclick-xfer;
> > >     };
> > > };
My reading of the 4th edition says to me it does. So, do these error
messages mean someone is asking me for something I'm not providing? Do I
need to turn on logging within the named.conf to see what that is?
Thanks.
===
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at bawcsa.org || !_ \
URL: http://www.bawcsa.org/bgahl/ || (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
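
The ACL precedence discussed in this message, as an added example that is not part of the original post and not BIND's own code: a simplified model in which a zone's own allow-query applies to names inside that zone and the options-level allow-query applies to every other name. The contents of the `trusted` ACL, the client addresses and the query names are constructed; the helper names are hypothetical.

```python
import ipaddress

# Constructed ACL contents: the post never shows what "trusted" contains.
ACLS = {
    "any": ["0.0.0.0/0"],
    "trusted": ["127.0.0.1/32", "192.0.2.0/24"],  # assumption
}

OPTIONS_ALLOW_QUERY = "trusted"   # options-level allow-query from the post
ZONES = {"fireclick.com": "any"}  # zone-level allow-query from the post


def find_zone(qname):
    """Return the most specific configured zone that contains qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # match whole labels only
        if candidate in ZONES:
            return candidate
    return None


def effective_acl(qname):
    """Zone-level allow-query wins inside the zone; options-level otherwise."""
    zone = find_zone(qname)
    return ZONES[zone] if zone is not None else OPTIONS_ALLOW_QUERY


def query_allowed(client_ip, qname):
    """True if client_ip matches the ACL that governs qname."""
    addr = ipaddress.ip_address(client_ip)
    nets = ACLS[effective_acl(qname)]
    return any(addr in ipaddress.ip_network(n) for n in nets)


def denied(queries):
    """Return the (client, name) pairs the model would refuse."""
    return [(ip, name) for ip, name in queries if not query_allowed(ip, name)]


# Constructed sample queries (documentation address ranges).
SAMPLE_QUERIES = [
    ("198.51.100.7", "www.fireclick.com"),  # outside client, name in the zone
    ("198.51.100.7", "www.example.net"),    # outside client, name not served here
    ("192.0.2.10", "www.example.net"),      # trusted client, name not served here
    ("203.0.113.9", "FireClick.com."),      # case and trailing dot are normalised
]

if __name__ == "__main__":
    for ip, name in denied(SAMPLE_QUERIES):
        print(f"denied query from {ip} for {name}")
```

In this model the only refused query is the one from an untrusted client for a name outside `fireclick.com`, which is the kind of request the options-level ACL still governs even when the zone itself allows `any`.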