BIND query denied not blocking
Posted: 01 Jul 2014, 19:29
I have
LF_BIND = "2" (for testing purposes)
BIND_LOG = "/var/log/syslog"
but its not picking up any of the denied querys im seeing.
Seeing the following in /var/log/syslog
which as far as i can tell should match the default BIND regex
/^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)\#\d+\:( view external\:)? (update|zone transfer|query \(cache\)) \'.*\' denied$/
Any ideas what im missing?
LF_BIND = "2" (for testing purposes)
BIND_LOG = "/var/log/syslog"
but its not picking up any of the denied querys im seeing.
Seeing the following in /var/log/syslog
Code: Select all
Jul 1 18:18:45 serval named[4556]: client 202.46.56.112#1814: query (cache) '*************/A/IN' denied
Jul 1 18:18:45 serval named[4556]: client 180.76.5.190#37682: query (cache) '*************/A/IN' denied
Jul 1 18:18:45 serval named[4556]: client 180.76.6.135#43435: query (cache) '*************/A/IN' denied
Jul 1 18:18:45 serval named[4556]: client 180.76.5.94#33739: query (cache) '*************/A/IN' denied
Jul 1 18:19:09 serval named[4556]: client 65.55.5.152#33841: query (cache) '*************/A/IN' denied
Jul 1 18:19:09 serval named[4556]: client 65.55.5.152#33841: query (cache) '*************/A/IN' denied
Jul 1 18:19:09 serval named[4556]: client 65.55.5.152#33841: query (cache) '*************/A/IN' denied
Jul 1 18:19:27 serval named[4556]: client 66.249.66.235#61879: query (cache) '*************/A/IN' denied
Jul 1 18:19:41 serval named[4556]: client 180.76.5.177#34078: query (cache) '*************/A/IN' denied
Jul 1 18:19:42 serval named[4556]: client 180.76.5.149#43122: query (cache) '*************/A/IN' denied
/^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)\#\d+\:( view external\:)? (update|zone transfer|query \(cache\)) \'.*\' denied$/
Any ideas what im missing?