why named logging query cache denied to /var/log/messages?

Discussion in 'Bind / DNS / Nameserver Issues' started by hekri, Oct 23, 2010.

  1. hekri


    I see many lines in /var/log/messages
    Code:
    Oct 23 12:57:14 server named[2503]: client 62.179.1.xxx#54378: query (cache) 'www.doman.com/A/IN' denied
    Oct 23 12:57:14 server named[2503]: client 123.19.8.xxx#42069: query (cache) 'www.example.com/A/IN' denied
    Oct 23 12:57:14 server named[2503]: client 90.27.7.xxx#18255: query (cache) 'www.example.com/A/IN' denied
    Oct 23 12:57:14 server named[2503]: client 45.146.143.xxx#27191: query (cache) 'www.example.net/A/IN' denied
    
    
    Why is named logging these?

    I have allowed recursion only to my trusted hosts.

    I had many lame servers in /var/log/messages; I fixed it by adding category lame-servers { null; }; to named.conf. Maybe there is an option to add so that query cache denied is not logged?
     
    #1 hekri, Oct 23, 2010
    Last edited by a moderator: Jan 4, 2016
  2. salubrium

    Adding the following to your /etc/named.conf will stop logging the cache denied messages:

    Code:
        category security { null; };
    
    So it ends up looking like this in the logging section:
    Code:
    logging {
        category security { null; };
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
    };
    
     
    #2 salubrium, Apr 19, 2011
    Last edited: Apr 19, 2011
  3. vectro

    I recently had this problem and figured something out. All of the domains in the log entries were from canceled web hosting accounts. The domains were still pointed to my DNS servers even though the sites went out of business or went offline. In other words, they no longer have a DNS or HTTP entry here, but the domains still exist and have their DNS records pointed here. That accounted for every domain in the logs that I checked manually when I was trying to figure out what was going on.
     
  4. jols

    I am having the same exact problem, in spades, especially on one server which is seeing about 20 log entries per second of this sort, and including the fact that the domains being queried no longer have DNS established on the server, etc.

    And yes, I've found that this logging can be switched off using "category security { null; };", but I would rather not switch off general security logging for named. Does anyone know of a way to switch off just and only the "query (cache)" logging?
     
  5. electric

    Did you figure out how to do this?
     
  6. gryzli

    As stated in the BIND documentation, category "security" is concerned only with approved/denied queries, so I suppose it won't be such a miss to send them to /dev/null. You could always re-enable the logging if you need to debug some problems.

    You could use the following steps to stop DNS logging of denied queries:

    1. Edit /etc/named.conf
    Make the logging section look like this (as salubrium suggested)
    Code:
    logging {
        category security { null; };
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
    };
    2. Regenerate named.conf and restart named
    Code:
    /usr/local/cpanel/scripts/rebuilddnsconfig
    3. Check if everything is okay
    - First issue a bad query for a non-existing domain (you can execute this from outside the server):
    Code:
    dig @your.server.com non-existing-domain.com

    - Then go and check the messages log:
    Code:
    grep named /var/log/messages | tail -n 100
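
Before discarding the whole security category, it helps to know what the denied lines contain: which names are being asked for (the stale-delegation check vectro did by hand), how many clients are asking, and how high the per-second rate is (jols reports about 20 per second). The script below is an added example, not code from any poster in this thread; the function name `summarize` and the sample log lines are constructed for illustration, and the pattern also accepts the extra `@0x...` and `(name)` fields that newer BIND releases put in these lines.

```python
import re
from collections import Counter

# Matches the "query (cache) ... denied" lines quoted in the first post. The
# optional groups tolerate the "@0x..." and "(name)" fields newer BIND logs add.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?:@\S+ )?(?P<ip>[^#\s]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)

# Constructed sample lines (documentation addresses and names), not real logs.
SAMPLE = """\
Oct 23 12:57:14 server named[2503]: client 192.0.2.10#54378: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 198.51.100.7#42069: query (cache) 'www.example.com/A/IN' denied
Oct 23 12:57:14 server named[2503]: client 192.0.2.10#18255: query (cache) 'WWW.example.net/A/IN' denied
Oct 23 12:57:15 server named[2503]: client 203.0.113.5#27191: query (cache) 'www.example.com/MX/IN' denied
Oct 23 12:57:15 server named[2503]: lame server resolving 'example.org' (in 'example.org'?): 192.0.2.53#53
"""


def summarize(lines):
    """Count denied cache queries by name, client, type and per second."""
    names, clients, qtypes, per_sec = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED.search(line.strip())
        if not m:
            continue  # any other named or syslog message
        names[m["name"].lower().rstrip(".") or "."] += 1
        clients[m["ip"]] += 1
        qtypes[m["qtype"]] += 1
        per_sec[m["ts"]] += 1  # syslog timestamps have one-second resolution
    return {
        "total": sum(names.values()),
        "names": names,
        "clients": clients,
        "qtypes": qtypes,
        "peak_per_second": max(per_sec.values(), default=0),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print("denied cache queries:", report["total"])
    print("peak per second:", report["peak_per_second"])
    for label in ("names", "clients", "qtypes"):
        print(label, report[label].most_common(5))
```

On the server, pass the real log instead of the sample, for example `summarize(open("/var/log/messages", errors="replace"))`.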
     