Re: [CentOS] named logs (was logwatch)

13 Mar 2014


      On 3/13/2014 4:17 AM, John R Pierce wrote:
...
... 10-20MB daily logs of
      client 10.191.192.212 query (cache) 'm.777.liyuanxi.com/A/IN' denied: 1 Time(s)
      client 10.192.34.96 query (cache) 'dyjwntl.www.0411gogo.com/A/IN' denied: 1 Time(s)
      client 10.192.43.105 query (cache) 'doitxwx.777.liyuanxi.com/A/IN' denied: 1 Time(s)
      client 10.192.90.161 query (cache) 'v.www.90uc.com/A/IN' denied: 1 Time(s)
ok, let me rephrase this question.
how do I stop named (bind97 from CentOS 5.10) from logging those 
specific events at all?    there were 1.2 million of these yesterday.    
no, fail2ban won't work,. no 2 came from the same IP.   afaik, these are 
attempts at cache poisoning, which I've disabled.
-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] named logs (was logwatch)