Is this an attack
Hello, I find a lot of messages like this in /var/log/messages.
Is this an attack?
What to do?
Sep 11 22:42:13 alpha named[26173]: client @0x7fcf941c5230 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:14 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:15 alpha named[26173]: client @0x7fcf942bd350 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:16 alpha named[26173]: client @0x7fcf94291730 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf94377dd0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:17 alpha named[26173]: client @0x7fcf943407b0 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
Sep 11 22:42:21 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied
-
It's not an attack! Add the following to /etc/named.conf in order to disable it:
    logging {
        category security { null; };
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
Then, /usr/local/cpanel/scripts/rebuilddnsconfig
Category "security" is concerned with approved/denied queries in BIND... So you can disable it. Also, you can re-enable it if you want to debug some problems.
-
Hey there! This does not appear to be an attack, rather a cached query rejection. This can typically be caused by customizations to the /etc/named.conf file. You can move the file out of the way (mv -vi /etc/named.conf{,.old}). Then you can regenerate a base conf file with your server's configured zone files using this script: /scripts/rebuilddnsconfig
I hope that this helps. Let us know if you have any other questions!
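To see which clients and query names account for the denied messages before changing what named logs, the lines in /var/log/messages can be tallied. This is an added example, not part of the thread and not cPanel or BIND tooling; the function names are chosen here, and the last sample line is constructed.

```python
import re
import sys
from collections import Counter

# BIND "query (cache) ... denied" line, in the format quoted in the question.
# The "@0x..." client object id and a "view NAME:" prefix are treated as optional.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?:view \S+: )?"
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def parse_denied(line):
    """Return the fields of one denied-query line, or None if it does not match."""
    m = DENIED_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count denied queries per client and per (name, type); collect source ports."""
    by_client, by_query, ports = Counter(), Counter(), {}
    for line in lines:
        rec = parse_denied(line)
        if rec is None:
            continue  # unrelated syslog line
        by_client[rec["ip"]] += 1
        by_query[(rec["name"].lower(), rec["qtype"])] += 1
        ports.setdefault(rec["ip"], set()).add(int(rec["port"]))
    return by_client, by_query, ports

# The first three lines are copied from the question; the last one is constructed.
SAMPLE = [
    "Sep 11 22:42:13 alpha named[26173]: client @0x7fcf941c5230 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied",
    "Sep 11 22:42:14 alpha named[26173]: client @0x7fcf9415f250 73.136.14.166#80 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied",
    "Sep 11 22:42:16 alpha named[26173]: client @0x7fcf94291730 74.103.148.46#6672 (vmwarseo.com): query (cache) 'vmwarseo.com/RRSIG/IN' denied",
    "Sep 11 22:42:18 alpha sshd[1234]: Connection closed by 192.0.2.10 port 50000 [preauth]",
]

if __name__ == "__main__":
    # Pass a log file path (for example /var/log/messages) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            by_client, by_query, ports = summarize(fh)
    else:
        by_client, by_query, ports = summarize(SAMPLE)
    for ip, n in by_client.most_common():
        print(f"{n:6d}  {ip}  source ports: {sorted(ports[ip])}")
    for (name, qtype), n in by_query.most_common():
        print(f"{n:6d}  {name} {qtype}")
```

The per-client counts, the distinct source ports each client used, and the spread of query names show how concentrated the denied traffic is.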