oshoukry at onepage.com
Thu Mar 15 23:35:15 UTC 2001
I have been running the named in debug mode, and have realized
that a lot of those queries are nameservers trying to find out
about our internal zones. I am not sure what is causing this,
because the only place that these internal zones/IPs
are mentioned to the outside world is when you compose
messages, in the "Received from:" header.
Does anyone have any clue why this could be happening?
How to stop this particular log?
How to increase the info logged on denied queries so
instead of looking like this:
>>Mar 14 14:51:25 server1 /usr/sbin/named[pid]: client a.b.c.d#port: query
it would look like this
>>Mar 14 12:51:25 server1 /usr/sbin/named[pid]: client a.b.c.d#port: query denied : host.internal.zone.MX
Any help is greatly appreciated,
Note: My only other solution would be to create a separate view, but that
will raise the size of the named.conf by N.
From: Osman Shoukry [mailto:oshoukry at onepage.com]
Sent: Wednesday, March 14, 2001 4:26 PM
To: 'bind-users at isc.org'
Subject: logging queries
Is it possible to change the logging of denied queries to include the zone
that was in question, or the query that was denied, or a little more than
just the "query denied" message?
I am getting query denied in the logs, and wanted to see what they were
trying to do, most probably it is a version probe, but I have a few
restricted zones, that I only allow query from specified hosts, and those
could generate "query denied" as well... I was just thinking of a method to
differentiate between the two.
I am currently running bind 9.1.0 on linux.
Thank you for all your help,