How do I get named to not log events from certain IPs.
Doug Barton
dougb at dougbarton.us
Mon Jul 31 19:47:00 UTC 2006
aarontheyoung at gmail.com wrote:
> Hello,
>
> I have been successful running named on debian for quite some time and
> have recently adjusted my config to only respond for the domains we are
> authoritative for. Now, I am
> getting TONS of hits to our name servers EVEN THOUGH they continue to
> be denied the same dumb boneheads keep trying to update and query our
> name server for hosts that we don't manage.
Welcome to the wonderful world of DNS administration. :)
> My hourly log reports are now pretty tough to go through with this
> extra "denied" entries all over the place. Is there a way to configure
> named to NOT log activity from certain IP addresses?
You are better off blocking this sort of stuff with a firewall. Either
locally on the machine, or preferably farther upstream if you have a
cooperative network staff. You can also change the IP address of your name
server, if that's convenient.
I realize that none of that _should_ be necessary, however the reality is
that there are a lot of boneheads in this world, and even though I believe
it's worth trying to help educate them, they won't all listen.
hth,
Doug
--
If you're never wrong, you're not trying hard enough
More information about the bind-users
mailing list