LinuxQuestions.org


imago 07-22-2008 10:25 AM

Dns problem
 
hi...

Can anyone explain to me how to prevent this error on DNS? I've been setting up and configuring a DNS server.


Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58404: query 'wsiph3.com/NS/IN' denied
Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58405: query 'wsiph3.com/MX/IN' denied
Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58406: query 'wsiph3.com/SOA/IN' denied
Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58408: query (cache) 'adobe.com/A/IN' denied
Jul 22 11:22:48 ns1 named[16936]: client 89.36.21.43#12685: query 'www.wsiph3.com/A/IN' denied
Jul 22 11:22:49 ns1 named[16936]: client 89.36.21.43#12685: query 'www.wsiph3.com/A/IN' denied
Jul 22 11:22:49 ns1 named[16936]: client 89.36.21.43#12685: query 'ns1.wsiph3.com/AAAA/IN' denied
Jul 22 11:22:49 ns1 named[16936]: client 89.36.21.43#12685: query 'ns2.wsiph3.com/AAAA/IN' denied
Jul 22 11:23:14 ns1 named[16936]: client 195.60.98.252#4445: query 'wsiph3.com/SOA/IN' denied


thanks...

trickykid 07-22-2008 10:42 AM

Are these client denies from your own network? Is this DNS open to the world? Looks like general requests for domains that this DNS is not set up or configured with, which is pretty typical with a DNS server that is accessible from the outside world.

imago 07-22-2008 10:45 AM

hi..

Can you teach me how plsssssssssss..


thanks

trickykid 07-22-2008 10:47 AM

Quote:

Originally Posted by imago (Post 3222713)
hi..

Can you teach me how plsssssssssss..


thanks

Teach you what? I can't teach you anything unless you answer the questions I asked.

imago 07-22-2008 10:52 AM

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.4; };
    directory "/var/named";
    forwarders {
        58.69.254.72;
        58.69.254.137;
    };
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // query-source port 53;
    // query-source-v6 port 53;
    listen-on { any; };
    allow-query { localhost; 192.168.1.0/24; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "wsiph3.com" IN {
    type master;
    file "wsiph3.com.zone";
    allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "wsiph3.com.rev.zone";
    allow-update { none; };
};

include "/etc/rndc.key";


kindly check if it's right?

trickykid 07-22-2008 10:59 AM

Well, you have it to only allow localhost and 192.168.1.0/24:

Code:

allow-query { localhost; 192.168.1.0/24; };

So these clients trying to connect from 92.114.98.10 and 89.36.21.43 and 195.60.98.252 are getting denied because you're not allowing them to query the server, because they don't fall into the 192.168.1.0/24 IP range.
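
Added example, not part of the original thread: a Python script that parses named's "query ... denied" lines in the format posted above and checks each client address against the allow-query list from the posted config, so the denials can be grouped by source. The function names are hypothetical, and BIND's built-in "localhost" ACL is approximated as 127.0.0.1 plus the 192.168.1.4 address from the listen-on line, which is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# allow-query from the posted config. BIND's built-in "localhost" ACL means the
# server's own addresses; approximated here (assumption) as 127.0.0.1 and 192.168.1.4.
ALLOW_QUERY = [ipaddress.ip_network(n)
               for n in ("127.0.0.1/32", "192.168.1.4/32", "192.168.1.0/24")]

# named's "query ... denied" line, in the format shown in the thread.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"query (?P<cache>\(cache\) )?'(?P<name>[^/']+)/(?P<type>[^/']+)/[^']+' denied")

# Log lines copied from the first post of the thread.
SAMPLE_LOG = """\
Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58404: query 'wsiph3.com/NS/IN' denied
Jul 22 11:22:47 ns1 named[16936]: client 92.114.98.10#58408: query (cache) 'adobe.com/A/IN' denied
Jul 22 11:22:48 ns1 named[16936]: client 89.36.21.43#12685: query 'www.wsiph3.com/A/IN' denied
Jul 22 11:23:14 ns1 named[16936]: client 195.60.98.252#4445: query 'wsiph3.com/SOA/IN' denied
"""

def parse_denied(line):
    """Return a record for a denied-query line, or None for anything else."""
    m = DENIED_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # matched the pattern but is not a valid address
        return None
    return {"client": str(ip), "name": m["name"].lower(), "type": m["type"],
            # "(cache)" marks a denial of cache access: a name outside the local zones
            "cache": m["cache"] is not None,
            "in_acl": any(ip in net for net in ALLOW_QUERY)}

def summarize(log_text):
    """Per client: inside allow-query?, denied count, cache denials, names asked."""
    out = defaultdict(lambda: {"in_acl": False, "count": 0, "cache": 0, "names": set()})
    for rec in filter(None, map(parse_denied, log_text.splitlines())):
        entry = out[rec["client"]]
        entry["in_acl"] = rec["in_acl"]
        entry["count"] += 1
        entry["cache"] += rec["cache"]
        entry["names"].add(rec["name"])
    return dict(out)

if __name__ == "__main__":
    for client, e in summarize(SAMPLE_LOG).items():
        print(client, e["count"], "denied,", "inside" if e["in_acl"] else "outside", "allow-query")
```

A denied client reported as inside allow-query would mean something other than this ACL is refusing the query, which is worth checking before widening the list.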

imago 07-22-2008 11:06 AM

thanks sir

trickykid 07-22-2008 11:09 AM

Quote:

Originally Posted by imago (Post 3222741)
thanks sir

No problem. Where's my "That was Easy!" button.. ;)


All times are GMT -5.