logging queries

Osman Shoukry oshoukry at onepage.com
Thu Mar 15 23:35:15 UTC 2001

I have been running the named in debug mode, and have realized 
that a lot of those queries are nameservers trying to find out
about our internal zones.  I am not sure what is causing this,
becuase the only way you place that these internal zones/ips 
are mentioned to the outside world is when you compose 
messages in the "Recieved from:" header.

Does anyone has any clue why this could be happening? 
How to stop this particular log?
How to Increase the info logged on denied queries so 
instead if looking like this:
 >>Mar 14 14:51:25 server1 /usr/sbin/named[pid]: client a.b.c.d#port: query
it would look like this
 >>Mar 14 12:51:25 server1 /usr/sbin/named[pid]: client a.b.c.d#port: query
denied : host.internal.zone.MX
or something..

Any help is greatly apreciated,

Osman Shoukry

Note:  My only other solutions would be to create a seperate veiw, but that
will raise the size of the 
named.conf by N.

-----Original Message-----
From: Osman Shoukry [mailto:oshoukry at onepage.com]
Sent: Wednesday, March 14, 2001 4:26 PM
To: 'bind-users at isc.org'
Subject: logging queries

Dear all,

Is it possible to change the logging of denied queries to include the zone
that was in question, or the query that was denied, or a little more than
the just "query denied" message?
I am getting query denied in the logs, and wanted to see what they where
trying to do, most probably it is a version probe, but I have a few
restricted zones, that I only allow query from specified hosts, and those
could generate "query denied" as well... I was just thinking of a method to
defrentiate between the two.

I am currently running bind 9.1.0 on linux.

Thank you for all your help,

Osman Shoukry

More information about the bind-users mailing list