The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with query cache denied problem

Discussion in 'General Discussion' started by Misiek, Dec 3, 2009.

  1. Misiek

    Misiek Well-Known Member

    Joined:
    Feb 23, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    From just about a month i get full of those request in my messages file

    Code:
        client 12.25.232.115 view external: query (cache) 'LJBZF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'LTBZOZ.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'LTYNF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'LYNDFJ.JOBGAS.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'VJYZ.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'VTTBF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.LJBZF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.LTBZOZ.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.LTYNF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.LYNDFJ.JOBGAS.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.VJYZ.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 12.25.232.115 view external: query (cache) 'WWW.VTTBF.SMARTHELPONLINE.COM/A/IN' denied: 1 Time(s)
        client 132.206.44.21 view external: query (cache) 'ns0.yourbabyboomer.com/AAAA/IN' denied: 1 Time(s)
        client 132.206.44.21 view external: query (cache) 'ns1.yourbabyboomer.com/AAAA/IN' denied: 1 Time(s)
        client 132.206.44.21 view external: query (cache) 'yourbabyboomer.com/MX/IN' denied: 1 Time(s)
        client 139.223.100.10 view external: query (cache) 'zhmboz.bestslip.com/A/IN' denied: 1 Time(s)
        client 139.223.2.136 view external: query (cache) 'ns0.bestslip.com/AAAA/IN' denied: 2 Time(s)
        client 139.223.2.136 view external: query (cache) 'ns1.bestslip.com/AAAA/IN' denied: 2 Time(s)
        client 139.223.2.136 view external: query (cache) 'zbrjfg.bestslip.com/A/IN' denied: 1 Time(s)
        client 139.223.2.136 view external: query (cache) 'zhmboz.bestslip.com/A/IN' denied: 1 Time(s)
        client 139.223.2.16 view external: query (cache) 'ns0.bestslip.com/AAAA/IN' denied: 2 Time(s)
        client 139.223.2.16 view external: query (cache) 'ns1.bestslip.com/AAAA/IN' denied: 2 Time(s)
        client 139.223.2.16 view external: query (cache) 'zbrjfg.bestslip.com/A/IN' denied: 1 Time(s)
        client 139.223.2.16 view external: query (cache) 'zhmboz.bestslip.com/A/IN' denied: 1 Time(s)
        client 139.223.31.10 view external: query (cache) 'zhmboz.bestslip.com/A/IN' denied: 1 Time(s)
        client 145.253.2.134 view external: query (cache) 'FLUSHSITE.com/A/IN' denied: 2 Time(s)
        client 145.253.2.134 view external: query (cache) 'JOBGAS.com/A/IN' denied: 2 Time(s)
        client 145.253.2.134 view external: query (cache) 'YOURBABYBOOMER.com/A/IN' denied: 2 Time(s)
        client 146.188.104.124 view external: query (cache) 'yourmyway.com/A/IN' denied: 2 Time(s)
        client 150.70.146.49 view external: query (cache) 'ns0.bestslip.com/AAAA/IN' denied: 1 Time(s)
        client 150.70.146.49 view external: query (cache) 'ns1.bestslip.com/AAAA/IN' denied: 1 Time(s)
        client 150.70.146.49 view external: query (cache) 'zhmboz.bestslip.com/A/IN' denied: 2 Time(s)
        client 150.70.146.49 view external: query (cache) 'zhmboz.bestslip.com/AAAA/IN' denied: 2 Time(s)
    
    Does anybody can help me how to stop those messages
    ??
     
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    Is recursion disabled in the named configuration? If not, try disabling it by editing the

    and insert the following line in the "options" section

    restart the named service once you save the file.
     
  3. Misiek

    Misiek Well-Known Member

    Joined:
    Feb 23, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    That unfortunatly did not hel i have recursion no in external view, added it also in options and still i get query (cache) denied.

    This is my config
    :

    Code:
    include "/etc/rndc.key";
    
    acl "trusted" {
        HEREIP1;HEREIP2;127.0.0.1;
    };
    
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    
    options {
        /* make named use port 53 for the source of all queries, to allow
             * firewalls to block all ports except 53:
             */
    
        // query-source    port 53;
        recursion no;
        // allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        allow-query-cache { trusted; };
        version "Another DNS";
        listen-on port 53 { trusted; };
        directory                "/var/named"; // the default
        pid-file                 "/var/run/named/named.pid";
        dump-file                "data/cache_dump.db";
        statistics-file          "data/named_stats.txt";
       /* memstatistics-file     "data/named_mem_stats.txt"; */
    };
    
    logging {
    /*      If you want to enable debugging, eg. using the 'rndc trace' command,
     *      named will try to write the 'named.run' file in the $directory (/var/nam
    ed").
     *      By default, SELinux policy does not allow named to modify the /var/named
    " directory,
     *      so put the default debug log file in data/ :
     */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
    };
    
    
     
  4. n00bie

    n00bie Active Member

    Joined:
    Mar 20, 2007
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    I'd also like to say that I am experiencing the same issue. Any resolution ?
     
  5. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    Those are reverse DNS queries which are denied and are logged. Such attempts are mostly carried out from hacked servers. If the requests are coming from same IP OR subnet, block them and notify the owner of the IP.
     
Loading...

Share This Page