Bind stats - denied queries?
Marc Roos
M.Roos at f1-outsourcing.eu
Mon Nov 30 10:12:14 UTC 2020
Are newer versions of bind still logging like this?
Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 3.9.41.0/24
Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 35.177.154.0/24
Nov 30 10:10:02 ns2 named[1241]: rate-limit: info: limit responses to 35.177.154.0/24
Nov 30 10:10:02 ns2 named[1241]: rate-limit: info: limit responses to 3.9.41.0/24
I already reported that it is not too smart to log 3.9.41.0/24; it would
be better to log 3.9.41.100/24 so you know the offending IP.
-----Original Message-----
From: Karl Pielorz [mailto:kpielorz_lst at tdx.co.uk]
Sent: Monday, November 30, 2020 11:08 AM
To: bind-users at lists.isc.org
Subject: Bind stats - denied queries?
Hi,
We've been seeing a huge increase in 'denied queries' against a couple
of Bind servers we look after (Bind 9.16.9) - these are currently logged
as:
"
Nov 30 00:00:00 client @0xXXXXX X.X.X.X#48536 (.): query (cache) './ANY/IN' denied
"
This appears like it might be someone trying (unsuccessfully) to use us
as an amplifier / reflector.
We've got Bind's statistics file set up - but I can't see there's any
entry for these "denied" queries? - As we'd really like to monitor this.
If anyone knows what stat these turn up in the statistics file (if at
all?)
Thanks,
-Karl
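One way to monitor the two message types quoted in this thread straight from the log, as an added example that is not part of either poster's message or of BIND itself: it counts "query (cache) ... denied" lines per source network and per question, and rate-limit notices per prefix. The function name `summarize`, the optional `view NAME:` field, the /56 IPv6 grouping and the sample lines (documentation address ranges) are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Denied-query line in the format quoted in the thread. The "@0x..." token and
# a "view NAME:" field are treated as optional (assumption).
DENIED_RE = re.compile(
    r"client (?:@0x\S+ )?(?P<ip>\S+?)#\d+ \((?P<name>[^)]*)\): "
    r"(?:view \S+: )?query \(cache\) '(?P<question>[^']+)' denied"
)
# Rate-limit notice in the format quoted in the thread.
RRL_RE = re.compile(r"rate-limit: info: limit responses to (?P<prefix>\S+)")

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = """\
Nov 30 00:00:00 ns0 named[1303]: client @0x7f0000000001 192.0.2.10#48536 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:01 ns0 named[1303]: client @0x7f0000000002 192.0.2.77#5353 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:02 ns0 named[1303]: client 198.51.100.5#40000 (example.com): view external: query (cache) 'example.com/A/IN' denied
Nov 30 00:00:03 ns0 named[1303]: client @0xXXXXX X.X.X.X#48536 (.): query (cache) './ANY/IN' denied
Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 192.0.2.0/24
""".splitlines()


def summarize(lines, v4_prefix=24, v6_prefix=56):
    """Return (denied per source network, denied per question, rate-limit notices per prefix)."""
    by_net, by_question, limited = Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:
                continue  # redacted or malformed address: skip the line
            plen = v4_prefix if ip.version == 4 else v6_prefix
            net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
            by_net[str(net)] += 1  # /24 matches the rate-limit lines' granularity
            by_question[m["question"]] += 1
            continue
        m = RRL_RE.search(line)
        if m:
            limited[m["prefix"]] += 1
    return by_net, by_question, limited


if __name__ == "__main__":
    for title, counter in zip(("denied/net", "denied/question", "rate-limited"), summarize(SAMPLE)):
        print(title, counter.most_common(5))
```

In a reflection attempt the source addresses are typically spoofed, so the per-network counts point at the targeted prefix rather than at the sender.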