I have a web server, and port 53 is open for DNS. I am getting thousands of lines in my /var/log/messages that look like:
Jan 27 08:34:21 server named[14051]: client 77.88.26.1#5335: query (cache) 'www.bpharma.in/A/IN' denied
Jan 27 08:34:23 server named[14051]: client 77.88.16.112#52035: query (cache) 'www.bpharma.in/A/IN' denied
Jan 27 08:34:24 server named[14051]: client 77.88.16.112#63885: query (cache) 'bpharma.in/A/IN' denied
Jan 27 08:59:17 server named[14051]: client 66.249.71.24#52367: query (cache) 'maheshwar.in/A/IN' denied
Jan 27 08:59:25 server named[14051]: client 66.249.71.27#47186: query (cache) 'maheshwar.in/A/IN' denied
I am just wondering if this is normal, and if not, what should I do about it?
You can customize how BIND logs. I send all queries to their own file.
From named.conf:
Make sure to set up log rotation for your new query log in /etc/logrotate.d/named.
No need to worry. The lines tell you that someone is trying to query your nameservers for domains you are not authoritative for.
Also, you deny recursive lookups. Unless you really want to serve as a recursive name server to the world, it looks as it should.
The last thing that could be the case is that the person who owns those domains somehow pointed them towards your name server. Maybe it's an IP address that has been owned by someone else with name servers earlier?
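To see which clients are sending these queries and for which names, the denied lines can be tallied per client and per queried name. This is an added example, not part of the original posts; it uses the five log lines from the question as sample input, and the function names and the threshold of 2 are assumptions.

```python
import re
from collections import Counter

# BIND "query (cache) ... denied" line, in the format quoted in the question.
# Newer BIND releases add "@0x..." after "client" and "(name)" after the
# port; both are treated as optional here.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^/']+' denied"
)

# Sample input: the five log lines from the question.
SAMPLE_LOG = """\
Jan 27 08:34:21 server named[14051]: client 77.88.26.1#5335: query (cache) 'www.bpharma.in/A/IN' denied
Jan 27 08:34:23 server named[14051]: client 77.88.16.112#52035: query (cache) 'www.bpharma.in/A/IN' denied
Jan 27 08:34:24 server named[14051]: client 77.88.16.112#63885: query (cache) 'bpharma.in/A/IN' denied
Jan 27 08:59:17 server named[14051]: client 66.249.71.24#52367: query (cache) 'maheshwar.in/A/IN' denied
Jan 27 08:59:25 server named[14051]: client 66.249.71.27#47186: query (cache) 'maheshwar.in/A/IN' denied
"""


def parse_denied(lines):
    """Yield (client_ip, qname, qtype) for every denied cache query."""
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").lower().rstrip("."), m.group("qtype")


def summarize(lines):
    """Count denied queries per client IP and per queried name."""
    by_client, by_name = Counter(), Counter()
    for ip, name, _qtype in parse_denied(lines):
        by_client[ip] += 1
        by_name[name] += 1
    return by_client, by_name


def noisy_clients(by_client, threshold):
    """Clients with at least `threshold` denied queries, busiest first."""
    return [(ip, n) for ip, n in by_client.most_common() if n >= threshold]


if __name__ == "__main__":
    clients, names = summarize(SAMPLE_LOG.splitlines())
    print("denied queries per name:", names.most_common())
    print("clients with >= 2 denials:", noisy_clients(clients, threshold=2))
```

To run it over the real log, pass an open handle on /var/log/messages to `summarize` instead of the sample lines.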