62.109.4.89 and 195.68.176.4 are compromized/attackers See my post here:http://www.linuxforums.org/forum/redhat-fedora-linux- help/140848-var-log-messages-question.html
Sample log entries: Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied Frequency: 40 to 90 queries from those hosts per minute. -- Chris On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 <jinmei_tat...@isc.org> wrote: > At Tue, 17 Feb 2009 08:15:39 -0500, > > Matthew Huff <mh...@ox.com> wrote: > > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view > > external-in: query: . IN NS + > > ... > > > logged, and I have verified that the query is refused, but nothing in the > > log shows that it was refused. Is there anyway to log the success/failure of > > the queries? > > Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5) > will provide a new logging category that can log the information you > seem to want: > > 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) > for ./IN/NS at query.c:3887 > > --- > JINMEI, Tatuya > Internet Systems Consortium, Inc. > _______________________________________________ > bind-users mailing list > bind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users