In my message log file I have the following errors over and over.
Mar 13 13:48:44 server2 named[3516]: client 39.47.180.125#16875: query (cache) 'alt2.aspmx.l.google.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16882: query (cache) 'aspmx2.googlemail.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16894: query (cache) 'aspmx3.googlemail.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16903: query (cache) 'aspmx4.googlemail.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16918: query (cache) 'aspmx5.googlemail.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16928: query (cache) 'aspmx.l.google.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16937: query (cache) 'alt1.aspmx.l.google.com/A/IN' denied
Now I have researched this and found it is a harmless notification, but it makes the log very difficult to find actual real issues. Is there a way to either not log those entries, block the offending ip addresses as they are probably spammers anyway, or adjust the logscanner/logwatch from CSF to not pick up those entries?
I'm on the downeaster alexa - DNS Misconfigs for fun and profit: How to get the most from your DNS logs, part 1
This page has some very good insight on it, and also a script solution at the bottom but I have no idea how to implement it. Could someone please advise?
Mar 13 13:48:44 server2 named[3516]: client 39.47.180.125#16875: query (cache) 'alt2.aspmx.l.google.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16882: query (cache) 'aspmx2.googlemail.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16894: query (cache) 'aspmx3.googlemail.com/A/IN' denied
Mar 13 13:48:45 server2 named[3516]: client 39.47.180.125#16903: query (cache) 'aspmx4.googlemail.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16918: query (cache) 'aspmx5.googlemail.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16928: query (cache) 'aspmx.l.google.com/A/IN' denied
Mar 13 13:48:46 server2 named[3516]: client 39.47.180.125#16937: query (cache) 'alt1.aspmx.l.google.com/A/IN' denied
Now I have researched this and found it is a harmless notification, but it makes the log very difficult to find actual real issues. Is there a way to either not log those entries, block the offending ip addresses as they are probably spammers anyway, or adjust the logscanner/logwatch from CSF to not pick up those entries?
I'm on the downeaster alexa - DNS Misconfigs for fun and profit: How to get the most from your DNS logs, part 1
This page has some very good insight on it, and also a script solution at the bottom but I have no idea how to implement it. Could someone please advise?
