Re: client query logging (refused message)

2009-02-23 Thread Mark Andrews

In message b8cf98c8-86d0-42df-95a4-e98a65cab...@i15g2000pro.googlegroups.com,
 asd...@gmail.com writes:
 62.109.4.89 and 195.68.176.4 are compromised/attackers

Actually they are more likely to be under attack.

Make sure that you (and your ISP) have deployed the measures
in BCP 38 to ensure that you are not the source of such an
attack.

Mark
 
 See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html
 
 Sample log entries:
 Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
 Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
 Frequency: 40 to 90 queries from those hosts per minute.
 
 -- Chris
 
 
 
 On Feb 17, 2:19 pm, JINMEI Tatuya jinmei_tat...@isc.org wrote:
  At Tue, 17 Feb 2009 08:15:39 -0500,
 
  Matthew Huff mh...@ox.com wrote:
   17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
   ...
 
   logged, and I have verified that the query is refused, but nothing in the
   log shows that it was refused. Is there any way to log the success/failure
   of the queries?
 
  Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
  will provide a new logging category that can log the information you
  seem to want:
 
  17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
 
  ---
  JINMEI, Tatuya
  Internet Systems Consortium, Inc.
  ___
  bind-users mailing list
  bind-us...@lists.isc.org
  https://lists.isc.org/mailman/listinfo/bind-users
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
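
The per-minute counting described in the quoted message can be done directly on the two log formats shown in this thread. The Python below is an added example, not code from the thread or from BIND; the function names, the threshold of 40 per minute and the sample lines are assumptions. Since such queries are likely to carry forged source addresses, a flagged client is a probable target of the reflected replies, so the result suits rate limiting and reporting rather than attribution.

```python
import re
from collections import Counter

# Syslog form quoted in the thread: client IP#port: query (cache) 'name/TYPE/CLASS' denied
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>\w+)/(?P<cls>\w+)' denied")
# File-channel form from the BIND 9.7 sample: query failed (RCODE) for name/CLASS/TYPE at ...
FAILED = re.compile(
    r"^(?P<ts>\d\d-\w{3}-\d{4} \d\d:\d\d):\d\d\.\d+ .*?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query failed \((?P<rcode>\w+)\) "
    r"for (?P<name>[^/ ]+)/(?P<cls>\w+)/(?P<type>\w+) at ")

def parse(line):
    """Return (minute, client_ip, qname, qtype) for a denied/refused query, else None."""
    m = DENIED.match(line) or FAILED.match(line)
    if not m or (m.re is FAILED and m["rcode"] != "REFUSED"):
        return None
    return m["ts"], m["ip"], m["name"], m["type"]

def noisy_clients(lines, threshold=40):
    """Map (client, minute) -> count where denied '. NS' queries reach the threshold."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "." and rec[3] == "NS":
            counts[(rec[1], rec[0])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample (RFC 5737 documentation addresses), not real log data:
# 45 denied root NS queries in one minute, one unrelated denial, one 9.7-style line.
SAMPLE = [f"Feb 19 08:24:{s:02d} ns1 named[6459]: client 192.0.2.10#{30000 + s}: "
          "query (cache) './NS/IN' denied" for s in range(45)]
SAMPLE += [
    "Feb 19 08:24:30 ns1 named[6459]: client 198.51.100.7#4242: "
    "query (cache) 'example.com/A/IN' denied",
    "17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: "
    "query failed (REFUSED) for ./IN/NS at query.c:3887",
]

if __name__ == "__main__":
    for (client, minute), n in sorted(noisy_clients(SAMPLE).items()):
        print(f"{minute}  {client}  {n} denied '. NS' queries")
```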


client query logging (refused message)

2009-02-17 Thread Matthew Huff

In my logging global section I have:

logging {

    channel audit_log {
        file "/var/log/named_audit.log" versions 128 size 4m;
        severity debug;
        print-time yes;
        print-category yes;
    };

    ...
    category client { audit_log; };
    ...
};

and I get:
...
17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
...

logged, and I have verified that the query is refused, but nothing in the
log shows that it was refused. Is there any way to log the success/failure of
the queries?



Matthew Huff   | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139

