Is this an attack

[mojamoi]

Hello I find a lot of messages like this in /var/log/messages

Is this an attack?

What to do?

Sep 11 22:42:13 alpha named[26173]: client @0x7fcf941c5230 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:14 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:15 alpha named[26173]: client @0x7fcf942bd350 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:16 alpha named[26173]: client @0x7fcf94291730 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf94377dd0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf943407b0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:21 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied

 

[ankeshanand]

Its not an attack!
Add the Following to /etc/named.conf in order to disable it:

logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};

Then,

/usr/local/cpanel/scripts/rebuilddnsconfig

Category "security" is concerned with approved/denied queries in BIND...So you can disable it. Also,you can re-enable if you want to debug some problems.

 

[cPJustinD]

Hey there! This does not appear to be an attack, rather a cached query rejection. This can typically be caused by customizations to the /etc/named.conf file. You can move the file out of the way (mv -vi /etc/named.conf{,.old})

Then you can regenerate a base conf file with your server's configured zone files using this script:

/scripts/rebuilddnsconfig

I hope that this helps. Let us know if you have any other questions!