PDA

View Full Version : named ... view external: query (cache) 'domainhere.tk/A/IN' denied



Fli
12-29-2017, 10:35 AM
On cPanel server, the /var/log/messages file is large and is getting filled by excessive number of DNS server messages like this:


Nov 27 00:00:06 host1 named[16118]: client 74.125.*.*#39692: view external: query (cache) 'domainhere.tk/A/IN' denied

Here i want to share possible solution to this issue:

If anyone wants to prevent named to write the "security" kind of log entries (like one mentioned above) into /var/log/messages or syslog this worked for me:

Edit /etc/named.conf

into "logging {" section, add new line:

category security { null; };

Save file and run:

/usr/local/cpanel/scripts/rebuilddnsconfig

If not having cpanel server, maybe only "service named reload" or "/etc/init.d/named restart"

Here someone mentioned another approach, but i have not tested it: https://www.howtoforge.com/community/threads/dns-query-denied.44738/page-2#post-324770

Another way is to let the log file be flooded, but use fail2ban or ConfigServerFirewall to watch the log file and ban IPs with excessive number of requests. If you google it and the part of log entry you may even find a tutorial.