named: error (unexpected RCODE REFUSED)

Discussion in 'Installation/Configuration' started by jnewman67, Jan 27, 2022.

  1. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Perfect Server CentOS 8, ISPConfig 3.2.6

    I'm seeing a lot of these in the messages log:
    Code:
    Jan 23 03:32:40 dns named[16432]: error (unexpected RCODE REFUSED) resolving 'mydomain.com/MX/IN'
    It switches from MX to NS, from domain to domain, several each second. Some of them are dead domains, I think, if that helps.
    I'm assuming it's an attempt to find something wrong to exploit. That said, is there a way to block this type of request (if it's specific or unique and not needed) or a way to not record these log entries, or add more info to the entry to be able to block them somehow? Or is this actually a problem that needs a fix?
    I read elsewhere there used to be a "category lame-servers null" fix (add to named.conf logging section) to disable these entries, but that doesn't appear to be an option any longer (I tried, it complained: /etc/named.conf:18: unknown option 'category' ).
    I'm partly worried I might have a hole, but otherwise mostly annoyed.
    Thanks!
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Are the domains in those log lines your domains? That would be strange. If they are, fix the name service entries for your domains so they resolve properly.
    If they are some random domains from the interwebs, then maybe spammers are sending emails to your server and marking them as coming from bogus domains that do not resolve from name service. In this case preventing them from arriving at your server is not feasible.
    As for not showing in logs, did you add in named configuration:
    Code:
    logging {
    category lame-servers { null; };
    };
     
  3. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Thanks for the response.

    This is my current logging section of named.conf:
    Code:
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    And in typing this, I realize I added the "category" entry inside the channel entry, not outside it. ...
    Well, putting it in the right spot helps - no errors on restart this time:
    Code:
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
            category lame-servers { null; };
    };
    
    Most of the domains are/were my domains, and now that you mention "that's odd" and "fix the name service entries" I think I know why they're appearing. Some of them are domains that are still registered, but no longer defined in ISPConfig. Some may be redirect domains whose primary domain is now elsewhere, but the NS entries may not have been updated.
    So it appears my complaint is really just a realization that I didn't follow through on something I should've. Sorry to waste your time.
    Thanks for help figuring it out though.
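
Added example, not part of the thread or of anyone's post: before silencing the lame-servers category, the REFUSED lines can be grouped by queried name to list the domains whose delegation needs cleaning up. The sample log lines are constructed, the optional `: <server>#53` suffix is an assumption about unredacted named output, and `hosted_zones` is a hypothetical list of the zones still defined on the server.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread; the trailing
# ": <server>#53" part is an assumption about unredacted named output.
SAMPLE_LOG = """\
Jan 23 03:32:40 dns named[16432]: error (unexpected RCODE REFUSED) resolving 'mydomain.com/MX/IN'
Jan 23 03:32:40 dns named[16432]: error (unexpected RCODE REFUSED) resolving 'mydomain.com/NS/IN': 192.0.2.53#53
Jan 23 03:32:41 dns named[16432]: error (unexpected RCODE REFUSED) resolving 'old-redirect.example/NS/IN': 192.0.2.53#53
Jan 23 03:32:41 dns named[16432]: error (unexpected RCODE SERVFAIL) resolving 'other.example/A/IN': 198.51.100.7#53
Jan 23 03:32:42 dns sshd[901]: Accepted publickey for admin
Jan 23 03:32:42 dns named[16432]: error (unexpected RCODE REFUSED) resolving 'www.mydomain.com/A/IN': 192.0.2.53#53
"""

LINE_RE = re.compile(
    r"named\[\d+\]: error \(unexpected RCODE (?P<rcode>\w+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>\w+)/(?P<rclass>\w+)'"
    r"(?:: (?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+))?"
)

def refused_by_name(lines, rcode="REFUSED"):
    """Group matching named log lines by the name being resolved."""
    hits = defaultdict(lambda: {"count": 0, "types": set(), "servers": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["rcode"] != rcode:
            continue  # other daemons, other RCODEs
        entry = hits[m["name"].rstrip(".").lower()]
        entry["count"] += 1
        entry["types"].add(m["rtype"])
        if m["server"]:
            entry["servers"].add(m["server"])
    return dict(hits)

def not_hosted(names, hosted_zones):
    """Names that fall under none of the zones this server still serves."""
    zones = {z.rstrip(".").lower() for z in hosted_zones}
    def covered(name):
        labels = name.split(".")
        return any(".".join(labels[i:]) in zones for i in range(len(labels)))
    return sorted(n for n in names if not covered(n))

if __name__ == "__main__":
    summary = refused_by_name(SAMPLE_LOG.splitlines())
    for name, info in sorted(summary.items()):
        print(name, info["count"], sorted(info["types"]), sorted(info["servers"]))
    # hosted_zones: hypothetical list of zones still defined on this server
    print(not_hosted(summary, hosted_zones=["mydomain.com"]))
```

Names reported by `not_hosted` are the ones to check at the registrar: either the zone should be re-created or the NS records should point at the servers that now hold it.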
     