How can I tell in the log if a query was successful or refused due to recursion?
Tony Toews
tony at tonytoews.com
Thu Dec 15 01:43:55 UTC 2005
Folks
I'm told that my DNS server is participating in "recursive dns dos
attack". So I've locked things down I think. More on that to follow as a
separate posting. So I'm looking at my log entries and I'm seeing the
same kind of traffic now as before I removed the recursion option.
How can I tell in the log if a query was successful or refused due to
recursion? An example of my current log follows:
14-Dec-2005 18:37:24.145 client 216.18.224.133#41538: query: e.tn.co.za ANY
ANY +E
14-Dec-2005 18:37:25.599 client 216.18.224.133#51561: query: e.tn.co.za ANY
ANY +E
14-Dec-2005 18:37:26.067 client 216.18.224.133#46417: query: e.tn.co.za ANY
ANY +E
14-Dec-2005 18:37:27.630 client 216.18.224.133#43677: query: e.tn.co.za ANY
ANY +E
14-Dec-2005 18:37:28.114 client 216.18.224.133#58498: query: e.tn.co.za ANY
ANY +E
Bind 9.3.1 on a Win 2003 Server. Serving as DNS for 23 very low traffic
domains hosted on that same system.
Thanks, Tony
More information about the bind-users
mailing list