Where do recursion denied messages go?

Holger Honert holger.honert at signal-iduna.org
Thu Apr 27 08:15:27 UTC 2006

> Eivind Olsen <eivind at aminor.no> wrote:
>> Hello.
>> Where do "recursion denied" messages go? I have a server running BIND 
>> 9.3.1, and I'd like to see which queries it denies (I'm using 
>> "allow-recursion" to allow just some networks to use it recursively).
>> I have tried to provoke generation fo such messages by doing recursive 
>> queries from an external network, but nothing is shown in the logs. What 
>> logs? BIND has not been configured to use any special logging settings, 
>> so it uses whatever the default is. OS = Solaris 5.8. I see some 
>> "named"-messages in /var/adm/messages but nothing related to recursion 
>> being denied anyone.
>> Do I need to tweak the logging to get what I want? If so, which category 
>> and severity level am I looking for?

we have had luck with this settings in named.conf:
        channel security_log {
                file "/var/log/security.log" versions 5 size 5m;
                severity debug ;
                print-category yes;
                print-severity yes;
                print-time yes;

        category security {


The messages in /var/log/security.log :

security.log:27-Apr-2006 10:05:52.695 security: info: client query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.057 security: info: client query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.438 security: info: client query (cache) './NS/IN' denied



More information about the bind-users mailing list