why queries rejected?

Phil Mayers p.mayers at imperial.ac.uk
Wed Jan 19 11:35:11 UTC 2011

On 19/01/11 02:03, pyh at mail.nsbeta.info wrote:
> My zone is game.yy.com, and there are so many "auth queries rejected" in
> named.stats which was generated by "rndc stats". Could you show me some way
> to debug it? Thanks.

You can log rejected queries:

logging {
   channel "security_logfile" { file "thefile"; };
   category "security" { "security_logfile"; };

...then do "rndc reconfig". Examine the logs. Find the source IP of the 
query and the query name. Determine why it's being rejected.

It could just be source-spoofed DoS junk.

More information about the bind-users mailing list