[CentOS] named logs (was logwatch)
John R Pierce
pierce at hogranch.com
Thu Mar 13 18:41:55 UTC 2014
On 3/13/2014 4:17 AM, John R Pierce wrote:
> ... 10-20MB daily logs of
> client 10.191.192.212 query (cache) 'm.777.liyuanxi.com/A/IN' denied: 1 Time(s)
> client 10.192.34.96 query (cache) 'dyjwntl.www.0411gogo.com/A/IN' denied: 1 Time(s)
> client 10.192.43.105 query (cache) 'doitxwx.777.liyuanxi.com/A/IN' denied: 1 Time(s)
> client 10.192.90.161 query (cache) 'v.www.90uc.com/A/IN' denied: 1 Time(s)
ok, let me rephrase this question.
how do I stop named (bind97 from CentOS 5.10) from logging those
specific events at all? there were 1.2 million of these yesterday.
no, fail2ban won't work,. no 2 came from the same IP. afaik, these are
attempts at cache poisoning, which I've disabled.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
More information about the CentOS
mailing list