mojamoi

Well-Known Member
Hello, I find a lot of messages like this in /var/log/messages:

Is this an attack?

What to do?

Sep 11 22:42:13 alpha named[26173]: client @0x7fcf941c5230 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:14 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:15 alpha named[26173]: client @0x7fcf942bd350 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:16 alpha named[26173]: client @0x7fcf94291730 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf94377dd0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf943407b0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:21 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
 

ankeshanand

Well-Known Member
It's not an attack!
Add the following to /etc/named.conf in order to disable it:
Code:
logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
Then,
Code:
/usr/local/cpanel/scripts/rebuilddnsconfig
Category "security" is concerned with approved/denied queries in BIND... So you can disable it. Also, you can re-enable it if you want to debug some problems.
 

cPJustinD

Administrator
Staff member
Hey there! This does not appear to be an attack, rather a cached query rejection. This can typically be caused by customizations to the /etc/named.conf file. You can move the file out of the way (mv -vi /etc/named.conf{,.old}).

Then you can regenerate a base conf file with your server's configured zone files using this script:

Code:
/scripts/rebuilddnsconfig
I hope that this helps. Let us know if you have any other questions!
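Before silencing the `security` category or rebuilding the config, it helps to see which clients are being denied and what they ask for. The following is an added example, not code from any poster in this thread: a Python script that parses the `query (cache) ... denied` lines from the first post and tallies them per client. The function names, the extra non-matching line and the single-source-port check are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the first post, plus one constructed unrelated line
# (the last one) to show that non-matching entries are skipped.
SAMPLE = """\
Sep 11 22:42:13 alpha named[26173]: client @0x7fcf941c5230 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:14 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:15 alpha named[26173]: client @0x7fcf942bd350 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:16 alpha named[26173]: client @0x7fcf94291730 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf94377dd0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf943407b0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:21 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:22 alpha named[26173]: zone example.test/IN: loaded serial 1
"""

# One denied cached-query entry. The "@0x..." client id and the "view NAME:"
# prefix are optional, since not every BIND version or config prints them.
DENIED = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ named\[\d+\]: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): (?:view \S+: )?"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)

def parse_denied(text):
    """Return one dict per denied cached-query line; other lines are ignored."""
    return [m.groupdict() for line in text.splitlines() if (m := DENIED.match(line))]

def summarize(records):
    """Group denials per client: count, queried name/type, source ports seen."""
    out = defaultdict(lambda: {"count": 0, "queries": Counter(), "ports": set()})
    for r in records:
        c = out[r["ip"]]
        c["count"] += 1
        c["queries"][f'{r["qname"]}/{r["qtype"]}'] += 1
        c["ports"].add(int(r["port"]))
    return dict(out)

def fixed_port_clients(summary, min_count=3):
    """Clients that repeated queries from a single source port. Resolvers
    normally randomize the source port per query, so these merit a look."""
    return sorted(ip for ip, c in summary.items()
                  if c["count"] >= min_count and len(c["ports"]) == 1)

if __name__ == "__main__":
    s = summarize(parse_denied(SAMPLE))
    for ip, c in s.items():
        print(ip, c["count"], dict(c["queries"]), sorted(c["ports"]))
    print("single source port:", fixed_port_clients(s))
```

To run it against the real log, pass the contents of /var/log/messages to `parse_denied()` in place of `SAMPLE`.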