system log full of named denied queries

Discussion in 'General' started by Skyflash, May 21, 2014.

  1. Skyflash

    Skyflash New Member

    I'm having many, many dns denied connections, and i don't know if this is dangerous. Pls see:

    and much more. Many attempts per second. The firewall and fail2ban are activated, but no action is taken. Someone can explain me why?

    ISPC on CentOS 6.4
  2. Skyflash

    Skyflash New Member

    My named.conf

    // named.conf
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { any; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion no;
            allow-recursion { none; };
    logging {
            channel default_debug {
                    file "data/";
                    severity dynamic;
    zone "." IN {
            type hint;
            file "";
    include "/etc/named.conf.local";
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Are the domains listed in the log domains where you provide dns service for? If not, then the denied queries mean that your bind is configured correctly, as it denies recursive queries from external sources for non local domains.
  4. Skyflash

    Skyflash New Member

    No, are completely unknown domains :(

    Now i've applied this tweak:

    And now the fail2ban log is full of banned ips :)

    Do you think is a correct way?

Share This Page