Hi all,
I have my bind9 DNS server running on Ubuntu with logging on. What's bothering me is that I have a log full of localhost queries instead of queries from the IP of the computer which actually asked.
DNS queries log:
/var/log/named.queries.log
Code:
24-Feb-2011 16:01:19.413 client 127.0.0.1#38022: query: clients4.google.com IN A + (127.0.0.1)
24-Feb-2011 16:01:19.474 client 127.0.0.1#46527: query: clients4.google.com IN A + (127.0.0.1)
24-Feb-2011 16:03:05.116 client 127.0.0.1#40820: query: safebrowsing.clients.google.com IN A + (127.0.0.1)
24-Feb-2011 16:03:05.248 client 127.0.0.1#44006: query: safebrowsing.clients.google.com IN A + (127.0.0.1)
24-Feb-2011 16:03:09.565 client 127.0.0.1#38636: query: safebrowsing-cache.google.com IN A + (127.0.0.1)
24-Feb-2011 16:03:09.697 client 127.0.0.1#38596: query: safebrowsing-cache.google.com IN A + (127.0.0.1)
24-Feb-2011 16:07:23.798 client 83.208.230.54#20788: query: um16.eset.com IN A + (83.167.232.18)
24-Feb-2011 16:09:44.960 client 83.208.230.54#20790: query: tsm05.eset.com IN A + (83.167.232.18)
24-Feb-2011 16:19:41.928 client 83.208.230.54#20793: query: wpad IN A + (83.167.232.18)
24-Feb-2011 16:19:44.462 client 83.208.230.54#20794: query: www.update.microsoft.com IN A + (83.167.232.18)
And yes, all of them are originally from a different computer than the one the server is running on.
My configuration files are:
/etc/resolv.conf
Code:
nameserver 127.0.0.1
/etc/bind/named.conf
Code:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf
Code:
options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        4.4.4.4;
    };
    auth-nxdomain no; # conform to RFC1035
    // listen-on-v6 { any; };
    listen-on { any; };
    allow-recursion { any; };
    allow-recursion-on { any; };
    querylog yes;
    // max-cache-size 1M;
};
/etc/bind/named.conf.local
Code:
logging {
    channel my_queries_only {
        file "/var/log/named.queries.log" versions 3 size 5m;
        print-time yes;
    };
    channel my_queries_severity {
        file "/var/log/named.queries.severity.log" versions 3 size 5m;
        severity critical;
        print-time yes;
        print-severity yes;
    };
    category queries { my_queries_only; my_queries_severity; };
    channel default_syslog {
        syslog daemon; // send to syslog's daemon facility
        severity info; // only send priority info and higher
    };
    category default { default_syslog; };
    channel my_all {
        file "/var/log/named.all.log";
        print-time yes;
    };
    category general { my_all; };
};
/etc/bind/named.conf.default-zones
Code:
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
I really don't know what to do, please help.
Thank you in advance.
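
Added example (not part of the original post): a small Python parser for the query-log format shown above that groups queried names by client address and marks loopback sources, so lines logged as 127.0.0.1 can be separated from lines carrying a remote client IP. The sample lines are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Query-log line layout as shown in the post:
# <date> <time> client <addr>#<port>: query: <name> <class> <type> <flags> (<local addr>)
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[^#\s]+)#(?P<port>\d+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<local>[^)]+)\))?\s*$"
)

def parse_line(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["loopback"] = ipaddress.ip_address(rec["client"]).is_loopback
    except ValueError:
        return None  # client field is not an IP address
    return rec

def summarize(lines):
    """Group queried names by client address; count lines that did not parse."""
    clients = defaultdict(lambda: {"loopback": False, "count": 0, "names": set()})
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = clients[rec["client"]]
        entry["loopback"] = rec["loopback"]
        entry["count"] += 1
        entry["names"].add(rec["qname"])
    return dict(clients), skipped

# Constructed sample lines in the post's format (documentation address ranges).
SAMPLE = """\
24-Feb-2011 16:01:19.413 client 127.0.0.1#38022: query: example.com IN A + (127.0.0.1)
24-Feb-2011 16:01:19.474 client 127.0.0.1#46527: query: example.com IN A + (127.0.0.1)
24-Feb-2011 16:07:23.798 client 192.0.2.10#20788: query: update.example.net IN A + (198.51.100.5)
24-Feb-2011 16:08:00.000 general: info: not a query line
""".splitlines()

if __name__ == "__main__":
    by_client, skipped = summarize(SAMPLE)
    for addr, e in sorted(by_client.items()):
        kind = "loopback" if e["loopback"] else "remote"
        print(f"{addr:15} {kind:8} {e['count']:3} {', '.join(sorted(e['names']))}")
    print(f"unparsed lines: {skipped}")
```

To run it against the real log, pass `open("/var/log/named.queries.log")` to `summarize` in place of `SAMPLE`.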