Inadvertently, a bind9 server I ran was an open resolver. Whoops.
Now it's been months and the recursive queries for isc.org
are still incoming. I would not mind if my /var/log/syslog
did not look like this:
Jul 6 01:10:23 servername last message repeated 6 times
Jul 6 01:10:23 servername named[2580]: client YYY.YY.YYY.YYY#25345: query (cache) 'isc.org/ANY/IN' denied
Jul 6 01:10:23 servername named[2580]: client ZZZ.ZZ.ZZZ.ZZ#25345: query (cache) 'isc.org/ANY/IN' denied
Jul 6 01:10:23 servername last message repeated 7 times
Jul 6 01:10:23 servername named[2580]: client AAA.AAA.A.AAA#25345: query (cache) 'isc.org/ANY/IN' denied
Jul 6 01:10:23 servername named[2580]: client BBB.BB.BB.BBB#25345: query (cache) 'isc.org/ANY/IN' denied
Jul 6 01:10:23 servername last message repeated 6 times
(One might find it funny that the above messages all appear within one second… I no longer do.)
This really, REALLY makes it hard to catch any real errors that another service on the system may report.
I'd like to make bind9 no longer log these messages. And I'm crossing my fingers that it is possible to make only these messages disappear from the logs.
In what way can I stop the messages that recursion is disallowed from appearing in the syslog (or other logs)?
servername:/etc/bind9# named -V
BIND 9.8.4-rpz2+rl005.12-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.8.0
servernane:/etc/bind9# uname -a
Linux servername 3.2.0-4-686-pae #1 SMP Debian 3.2.35-2 i686 GNU/Linux
To clarify:
I'm interested in a more detailed example of how to silence just the 'recursion denied'-type messages.
Best Answer
Regarding disabling all the bind error logging for recursive queries such as "query (cache) 'theswat.net/ANY/IN' denied"
The below in /etc/named.conf redirects these to /var/named/data/named.security with a total size limit of 15 MB of rolling-over logs. Note that category security is only “Approval and denial of requests.”
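The logging statement the answer describes, written out as an added example (this is not the answerer's own configuration, and the file path, channel name and rotation numbers are my assumptions). It uses BIND's own channel/category syntax: a file channel receives the "security" category, so the "query (cache) '...' denied" lines leave syslog while every other category keeps its default destination.

```conf
// Added example, not the answer's config: a BIND 9 "logging" block that
// moves the security category ("approval and denial of requests") out of
// syslog.  Paths are assumptions: on Debian, named runs under AppArmor and
// can write under /var/log/named/, so that is used rather than the
// answer's /var/named/data/ (a Red Hat layout).
logging {
    // Dedicated channel for the denial messages.  "size 5m" with
    // "versions 2" keeps the current file plus two rotated copies,
    // i.e. at most about 15 MB on disk.
    channel security_file {
        file "/var/log/named/named.security" versions 2 size 5m;
        severity info;
        print-time yes;       // file channels carry no timestamp unless asked
        print-category yes;
        print-severity yes;
    };

    // Only the security category is redirected.  Categories not listed
    // here keep BIND's built-in default (default_syslog and default_debug),
    // so real errors from named still reach /var/log/syslog.
    category security { security_file; };

    // Alternative: discard the denials entirely instead of filing them,
    // using BIND's built-in null channel.
    // category security { null; };
};
```

On Debian (the asker's layout, with /etc/bind) this belongs in /etc/bind/named.conf.options or named.conf.local rather than /etc/named.conf, and the target directory must be writable by the user named runs as. Check the syntax with `named-checkconf` before reloading with `rndc reconfig`. Keeping the denials in their own rotated file rather than dropping them has a defensive upside: the isc.org/ANY queries that keep arriving are the trace of the server's time as an open resolver, and a separate file makes it easy to watch that traffic taper off without it drowning the rest of syslog. The "last message repeated N times" lines come from syslogd, not named, and disappear once the denials no longer pass through syslog.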