Hi Ritah. I think rndc is a red herring. Whether you can control your server using rndc or not is a different topic to "why am I seeing xxxx 'denied'" in the logs.
I think a couple of questions you need to ask yourself are: Should these servers be receiving recursive queries from anywhere? If no, then named.conf should contain "recursion no;" and settings such as "allow-query-cache" should be set to "none;". If yes, then define the set of clients you expect them to receive queries from, create some ACLs, set "recursion yes;" and "allow-query-cache" (at a minimum) to use the ACLs. What zones are these servers authoritative for? If the server are not supposed to be receiving recursive queries and the queries you see in your log are not ones for which you are authoritative then take notes about which clients are sending these queries and go on a hunt. Perhaps the clients are misconfigured, or just being 'playful'! Some useful reading might be these articles and others in the KB. https://kb.isc.org/docs/bind-best-practices-authoritative https://kb.isc.org/docs/bind-best-practices-recursive and of course the ARM. I hope that helps. Cheers, Greg On Tue, 8 Mar 2022 at 01:45, Ritah Mulinde <ryta...@gmail.com> wrote: > Hi Guys > Just got my primary and secondary name servers running. > > However, when i reload rdnc and tail the syslogs all i get is "( > xxxx.xx.com): query (cache) 'cccc.xx.com/A/IN' denied" > > Not sure why. > > kindly asking for some pointers on where to start looking > > > Thank you > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users