<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#ffffff">
<p>Hi Mark,<br>
<br>
Is there a way, by which we can log denied statement w.r.t. view
somewhere in logging ?<br>
<br>
Regards,<br>
Gaurav <br>
</p>
<div class="moz-cite-prefix">On 14/04/21 1:48 am, <a class="moz-txt-link-abbreviated" href="mailto:marka@isc.org">marka@isc.org</a>
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:67D2DEED-19A0-421D-83DB-6C1D5375F3F0@isc.org">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Real world configurations would have a catch all view after the
more specific views. Add one.
<div>
<div><br>
<div dir="ltr">--
<div>Mark Andrews</div>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On 13 Apr 2021, at 22:41,
Sachchidanand Upadhyay via bind-users
<a class="moz-txt-link-rfc2396E" href="mailto:bind-users@lists.isc.org"><bind-users@lists.isc.org></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family: arial, helvetica, sans-serif;
font-size: style=" font-size:="" 12pt;="" color:=""
#000000"="">
<div>Hi,<br>
</div>
<div><br data-mce-bogus="1">
</div>
<div> I am using bind's geoip feature, created one ACL
to allow country IN. I am not getting logs of a failed
query if the client IP is other than than country IN.</div>
<div> Rest all is working fine, getting logs of
successful queries. Below find the config details:<br
data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div>BIND 9.16.13 (Stable Release) <id:072e758><br>
running on Linux x86_64 3.10.0-1160.24.1.el7.x86_64 #1
SMP Thu Apr 8 19:51:47 UTC 2021<br>
built by make with '--prefix=/usr' '--sysconfdir=/etc'
'--localstatedir=/var' '--mandir=/usr/share/man'
'--with-libtool=/usr/lib64' '--disable-static'
'--with-maxminddb'<br>
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)<br>
compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26
Jan 2017<br>
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan
2017<br>
compiled with libuv version: 1.41.0<br>
linked to libuv version: 1.41.0<br>
compiled with zlib version: 1.2.7<br>
linked to zlib version: 1.2.7<br>
linked to maxminddb version: 1.2.0<br>
threads support is enabled<br>
<br>
default paths:<br>
named configuration: /etc/named.conf<br>
rndc configuration: /etc/rndc.conf<br>
DNSSEC root key: /etc/bind.keys<br>
nsupdate session key: /var/run/named/session.key<br>
named PID file: /var/run/named/named.pid<br>
named lock file: /var/run/named/named.lock<br>
geoip-directory: /usr/share/GeoIP<br>
</div>
<div><br data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div>acl "test" {<br>
geoip country IN;<br>
};<br data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div>options {<br data-mce-bogus="1">
</div>
<div> geoip-directory "path to geo db";<br
data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div>view "local" {<br>
match-clients { test; };<br>
recursion yes;<br data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div>channel queries {<br>
file "/var/log/queries";<br>
print-time yes;<br>
print-category yes;<br>
print-severity yes;<br>
};<br>
category queries {<br>
queries;<br>
};<br>
channel security {<br>
file "/var/log/security";<br>
print-time yes;<br>
print-category yes;<br>
print-severity yes;<br>
};<br>
category security {<br>
queries;<br>
};<br>
channel query-errors {<br>
file "/var/log/query-errors";<br>
print-time yes;<br>
print-category yes;<br>
print-severity yes;<br>
};<br>
category query-errors {<br>
query-errors;<br>
};<br>
<br data-mce-bogus="1">
</div>
<div><br>
</div>
<div data-marker="__SIG_PRE__">
<div>BR,<br>
</div>
<div>Sachchidanand <br>
<br>
<br>
</div>
</div>
</div>
<br>
<br>
<span>_______________________________________________</span><br>
<span>Please visit
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list</span><br>
<span></span><br>
<span>ISC funds the development of this software with paid
support subscriptions. Contact us at
<a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.</span><br>
<span></span><br>
<span></span><br>
<span>bind-users mailing list</span><br>
<span><a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br>
<span><a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></span><br>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at <a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Thanks and Regards,
Gaurav Kansal
+91-9910118448</pre>
<br>
<br><br>
<p class="MsoNoSpacing" style="text-align: justify;"><strong><span style="font-family: Verdana, sans-serif; font-size: 10pt;">Disclaimer:<o:p></o:p></span></strong></p><p class="MsoNoSpacing" style="text-align: justify;"><span style="font-family: Verdana, sans-serif; font-size: 9pt;">This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. </span><span style="font-family: Verdana, sans-serif; font-size: 9pt;"> </span><span style="font-family: Verdana, sans-serif; font-size: 9pt;"> </span></p></body>
</html>