0

Is this an attack? I get a lot of:

view external: query (cache) denied

in /var/log/messages.

Jake Mach

3 Answers

1

No, that's no hack ;) Obviously your DNS server isn't set up well. Try adding nameserver 127.0.0.1 to the DNS server's /etc/resolv.conf and add your subnet (192.168.0.0/24) to /etc/bind/named.conf:

acl internals { 127.0.0.0/8; 192.168.0.0/24; };

zzeroo
  • Can you explain why nameserver 127.0.0.1 should fix it? And what will be the results in case of a web hosting server? – 16851556 Dec 29 '17 at 09:05
0

It is probably not an attack. The only thing I'd suggest to improve the bind9 configuration is to set up logging so that these kinds of security lines are written to their own file. For example, in the "logging" stanza:

channel security_log {
    file "/var/log/named-denied.log" versions 3;
    print-time yes;
    print-severity yes;
    print-category yes;
    severity info;
};

and

category security { security_log; };

If bind is configured well, that file will be filled with queries that shouldn't have been directed to your server in the first place. It is possible to extract recurring patterns, for example expired delegations, even after several years.

Ale
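An added example, not part of the answer above: a Python sketch of the pattern extraction that answer mentions, run over the dedicated security log it configures. The log line shape, the sample lines and the `min_clients` threshold are assumptions, so check the regular expression against lines from your own BIND version.

```python
import re
from collections import Counter, defaultdict

# Assumed line shape; the "@0x..." pointer, the "(name)" after the client and
# the quoted query are present only in some BIND versions, so all are optional.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view (?P<view>\S+): )?"
    r"query \(cache\) (?:'(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^']*' )?denied"
)

def summarize(lines):
    """Count denied cache queries per client; collect distinct clients per query."""
    per_client = Counter()
    clients_by_query = defaultdict(set)
    for line in lines:
        m = DENIED.search(line)
        if m is None:
            continue  # some other security-category message
        per_client[m["ip"]] += 1
        if m["name"]:
            clients_by_query[(m["name"].lower(), m["qtype"])].add(m["ip"])
    return per_client, clients_by_query

def widely_requested(clients_by_query, min_clients=3):
    """Queries sent by many distinct clients, e.g. a delegation that still points here."""
    hits = [(q, len(ips)) for q, ips in clients_by_query.items() if len(ips) >= min_clients]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE = [
    "29-Dec-2017 09:05:01.120 security: info: client 198.51.100.7#41022 (old-customer.example): view external: query (cache) 'old-customer.example/A/IN' denied",
    "29-Dec-2017 09:05:09.871 security: info: client 198.51.100.22#50113 (old-customer.example): view external: query (cache) 'Old-Customer.example/A/IN' denied",
    "29-Dec-2017 09:06:40.002 security: info: client @0x7f3a1c0d2e10 203.0.113.9#53311 (old-customer.example): view external: query (cache) 'old-customer.example/A/IN' denied",
    "29-Dec-2017 09:07:12.450 security: info: client 192.0.2.44#5300 (.): view external: query (cache) './NS/IN' denied",
    "29-Dec-2017 09:07:12.951 security: info: client 192.0.2.44#5300 (.): view external: query (cache) './NS/IN' denied",
    "29-Dec-2017 09:07:30.004 security: info: client 192.0.2.44#5300: view external: query (cache) denied",
    "29-Dec-2017 09:08:00.000 security: info: client 192.0.2.44#5301 (example.net): view external: zone transfer 'example.net/AXFR/IN' denied",
]

if __name__ == "__main__":
    per_client, by_query = summarize(SAMPLE)
    for ip, count in per_client.most_common():
        print(f"{count:4d}  {ip}")
    for (name, qtype), n in widely_requested(by_query):
        print(f"{name} {qtype}: asked by {n} distinct clients")
```

A name requested by many unrelated clients suggests a delegation that still points at the server, while one client repeating the same query is more likely a misconfigured resolver or a scanner.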
-1

It's not a hack; however, you need to set up your server's DNS better. If you use cPanel for your control panel, WHM should automatically pick up the information. If not, you can fix it later on when you set up your name servers, set an IP to them, etc.

Grant