Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

why named logging query cache denied to /var/log/messages?

Discussion in 'Bind/DNS/Nameserver' started by hekri, Oct 23, 2010.

  1. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    147
    Likes Received:
    2
    Trophy Points:
    168
    why named logging query cache denied to /var/log/messages?

    I see many lines in /var/log/messages
    Code:
    Oct 23 12:57:14 server named[2503]: client 62.179.1.xxx#54378: query (cache) 'www.doman.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 123.19.8.xxx#42069: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 90.27.7.xxx#18255: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 45.146.143.xxx#27191: query (cache) 'www.example.net/A/IN' denied
    Why named logging thise?

    I have alow recursion only to my trusted hosts.

    I haved many lame servers in /var/log/messsages, i fix it by adding category lame-servers { null; }; do named.conf, maybe is the option to add to not logging query cache denied?
     
    #1 hekri, Oct 23, 2010
    Last edited by a moderator: Jan 4, 2016
  2. salubrium

    salubrium Member

    Joined:
    Jun 11, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Adding the following to your /etc/named.conf will stop logging the cache denied messages:

    Code:
        category security { null; };
    So it ends up looking like this in the logging section:
    Code:
    logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
     
    #2 salubrium, Apr 19, 2011
    Last edited: Apr 19, 2011
  3. vectro

    vectro Member

    Joined:
    Sep 2, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    I recently had this problem and figured something out. All of the domains in the log entries where from canceled web hosting accounts. The domains were still pointed to my DNS servers even though the sites went out of business or went offline. In other words, they no longer have a DNS or HTTP entry here, but the domains still exists and have their DNS records pointed here. That accounted for every domain in the logs that I checked manually when I was trying to figure out what was going on.
     
    #3 vectro, Aug 31, 2012
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    3
    Trophy Points:
    168
    I am having the same exact problem, in spades, especially on one server which is seeing about 20 log entries per second of this sort, and including the fact that the domains being queried are no longer have DNS established on the server, etc.

    And yes, I've found that this logging can be switched off using "category security { null; };", but I would rather not switch off general security logging for named. Does anyone know of a way to switch off just and only the "query (cache)" logging?
     
    #4 jols, Sep 22, 2012
  5. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    731
    Likes Received:
    3
    Trophy Points:
    318
    Did you figure out how to do this?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 electric, Nov 16, 2012
  6. gryzli

    gryzli Well-Known Member

    Joined:
    Jul 23, 2012
    Messages:
    47
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Twitter:
    As stated in BIND documentation, category "security" is concerned only with approved/denied queries, so I suppose it won't be such a miss to send them in /dev/null. You could always re-enable the logging if you need to debug some problems.

    You could use the following steps to stop DNS logging of denied queries :

    1. Edit /etc/named.conf
    Make the logging section look like this (as salubrium suggested)
    Code:
    logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
    2. Regenerate named.conf and restart named
    Code:
    /usr/local/cpanel/scripts/rebuilddnsconfig
    or
    Code:
    /usr/local/cpanel/scripts/rebuilddnsconfig
    3. Check if everything is okay
    - First issue bad query for non-existing domain (you can execute this outside the server )
    dig @your.server.com non-existing-domain.com

    - Then go and check the messages log
    grep named /var/log/messages | tail -n 100
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 gryzli, Jan 4, 2016
    postcd likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - named logging query
  1. _jman

    PowerDNS also-notify syntax error when reading from named.conf

    _jman, Sep 8, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    95
    cPanelMichael
    Sep 12, 2018
  2. WebHostPro

    SOLVED How do you stop named from creating named.run files?

    WebHostPro, May 22, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    5
    Views:
    190
    cPanelMichael
    May 29, 2018
  3. WiddleWabbit

    Can't Set MySQL General Log to Named Pipe

    WiddleWabbit, Mar 8, 2018, in forum: Database Discussion
    Replies:
    1
    Views:
    291
    cPanelMichael
    Mar 9, 2018
  4. Diogo FC

    Error: You do not have a user named “users_name@subdomain.domain.com"

    Diogo FC, Jan 5, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    550
    cPanelMichael
    Jan 5, 2018
  5. WebHosting-UK

    Named Down When Restarting Server

    WebHosting-UK, Dec 8, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    274
    WebHosting-UK
    Dec 9, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice