The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

why named logging query cache denied to /var/log/messages?

Discussion in 'Bind / DNS / Nameserver Issues' started by hekri, Oct 23, 2010.

  1. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    149
    Likes Received:
    2
    Trophy Points:
    168
    why named logging query cache denied to /var/log/messages?

    I see many lines in /var/log/messages
    Code:
    Oct 23 12:57:14 server named[2503]: client 62.179.1.xxx#54378: query (cache) 'www.doman.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 123.19.8.xxx#42069: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 90.27.7.xxx#18255: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 45.146.143.xxx#27191: query (cache) 'www.example.net/A/IN' denied
    Why named logging thise?

    I have alow recursion only to my trusted hosts.

    I haved many lame servers in /var/log/messsages, i fix it by adding category lame-servers { null; }; do named.conf, maybe is the option to add to not logging query cache denied?
     
    #1 hekri, Oct 23, 2010
    Last edited by a moderator: Jan 4, 2016
  2. salubrium

    salubrium Member

    Joined:
    Jun 11, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Adding the following to your /etc/named.conf will stop logging the cache denied messages:

    Code:
        category security { null; };
    So it ends up looking like this in the logging section:
    Code:
    logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
     
    #2 salubrium, Apr 19, 2011
    Last edited: Apr 19, 2011
  3. vectro

    vectro Member

    Joined:
    Sep 2, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    I recently had this problem and figured something out. All of the domains in the log entries where from canceled web hosting accounts. The domains were still pointed to my DNS servers even though the sites went out of business or went offline. In other words, they no longer have a DNS or HTTP entry here, but the domains still exists and have their DNS records pointed here. That accounted for every domain in the logs that I checked manually when I was trying to figure out what was going on.
     
    #3 vectro, Aug 31, 2012
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    I am having the same exact problem, in spades, especially on one server which is seeing about 20 log entries per second of this sort, and including the fact that the domains being queried are no longer have DNS established on the server, etc.

    And yes, I've found that this logging can be switched off using "category security { null; };", but I would rather not switch off general security logging for named. Does anyone know of a way to switch off just and only the "query (cache)" logging?
     
    #4 jols, Sep 22, 2012
  5. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    318
    Did you figure out how to do this?
     
    #5 electric, Nov 16, 2012
  6. gryzli

    gryzli Active Member

    Joined:
    Jul 23, 2012
    Messages:
    44
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Twitter:
    As stated in BIND documentation, category "security" is concerned only with approved/denied queries, so I suppose it won't be such a miss to send them in /dev/null. You could always re-enable the logging if you need to debug some problems.

    You could use the following steps to stop DNS logging of denied queries :

    1. Edit /etc/named.conf
    Make the logging section look like this (as salubrium suggested)
    Code:
    logging {
    category security { null; };
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
    2. Regenerate named.conf and restart named
    Code:
    /usr/local/cpanel/scripts/rebuilddnsconfig
    or
    Code:
    /usr/local/cpanel/scripts/rebuilddnsconfig
    3. Check if everything is okay
    - First issue bad query for non-existing domain (you can execute this outside the server )
    dig @your.server.com non-existing-domain.com

    - Then go and check the messages log
    grep named /var/log/messages | tail -n 100
     
    #6 gryzli, Jan 4, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - named logging query
  1. Metro2

    Two identical servers, different named.conf Logging section

    Metro2, Mar 9, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    5
    Views:
    652
    cPanelMichael
    Mar 30, 2016
  2. macklus

    SOLVED named errors installing cPanel on Proxmox

    macklus, Dec 12, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    238
    cPanelMichael
    Dec 13, 2016
  3. mesranet

    Named problem after upgrade kernel

    mesranet, Nov 25, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    311
    cPanelMichael
    Nov 28, 2016
  4. suberjin

    exim.conf rebuild fails with " too many named host lists (max is 16)" error

    suberjin, Sep 24, 2016, in forum: E-mail Discussions
    Replies:
    5
    Views:
    497
    cPanelMichael
    Feb 16, 2017
  5. shazde

    Changes to DNS zone files under /var/named do not show up under whm zone editor

    shazde, Jun 5, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    3
    Views:
    775
    cPanelMichael
    Jun 14, 2016

Share This Page