Topics - logical

CSF Firewall / Block denied bin/named queries
« on: April 11, 2020, 06:02:48 PM »
Hi all,

My log files are getting to be many hundreds of MB on a frequent basis. After checking through them, there are tens of thousands of entries like this:
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#27252 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied

I am running Restrict_Syslog level3. Is there any way to get the firewall to block these IP addresses? I have spent many hours today checking through settings etc. but to no avail. A short extract is below.

Is this anything I should worry about? Granted, they probably cause very little server load, BUT given the size of the logs being generated, and also that they are not of good intention, they should surely be blocked.

LF_BIND = "60" <<< did set this to 5 for testing but I suspect it is ignored due to the Syslog (any sensible way to enable it?)
LF_BIND_PERM = "1"

Thanks

Chris

Code:
Apr 11 18:29:47 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#37140 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#46054 (gutepin.com): query (cache) 'gutepin.com/NS/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#38211 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#10446 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#54154 (gutepin.com): query (cache) 'gutepin.com/NS/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#54327 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:48 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.106#56504 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#64360 (gutepin.com): query (cache) 'gutepin.com/NS/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#8109 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#14969 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#15857 (gutepin.com): query (cache) 'gutepin.com/NS/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#27252 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:53 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#39212 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:54 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#10270 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:54 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#50582 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:54 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#12891 (gutepin.com): query (cache) 'gutepin.com/NS/IN' denied
Apr 11 18:29:55 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#33580 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:55 fsrv1 named[991]: client @0x7f6cd40a9060 211.144.10.105#56248 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#54902 (ichfolge.com): query (cache) 'ichfolge.com/A/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#50540 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#50509 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#58602 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#52274 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#59709 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#64707 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#53013 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 20.187.1.135#57668 (www.ichfolge.com): query (cache) 'www.ichfolge.com/A/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 20.187.1.135#57668 (www.ichfolge.com): query (cache) 'www.ichfolge.com/A/IN' denied
Apr 11 18:29:57 fsrv1 named[991]: client @0x7f6cd40a9060 20.187.1.135#57668 (www.ichfolge.com): query (cache) 'www.ichfolge.com/A/IN' denied
Apr 11 18:29:58 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#58519 (ns2.gutepin.com): query (cache) 'ns2.gutepin.com/AAAA/IN' denied
Apr 11 18:29:58 fsrv1 named[991]: client @0x7f6cd40a9060 131.220.4.11#59158 (ns1.gutepin.com): query (cache) 'ns1.gutepin.com/AAAA/IN' denied
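
Added example, not part of the original post and not CSF's own code: a Python script that parses named "query (cache) ... denied" lines in the format shown above and reports client IPs that reach a trigger count within a time window, the kind of threshold the post's LF_BIND setting expresses. The function names, the 60-second window, the trigger of 5 and the sample log lines (documentation addresses and example.com names) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches BIND "query (cache) ... denied" syslog lines in the format shown in the post.
DENIED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"(?:\([^)]*\): )?query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>\w+)/IN' denied"
)

def parse_denied(line, year=2020):
    """Return (timestamp, client_ip, qname, qtype), or None for any other line."""
    m = DENIED_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one (assumed 2020 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["qname"], m["qtype"]

def find_offenders(lines, trigger=5, window_seconds=60, year=2020):
    """Map client IP -> peak denied-query count in any window, for IPs reaching trigger."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_denied(line, year)
        if parsed is None:
            continue
        ts, ip = parsed[0], parsed[1]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop hits that have aged out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= trigger}

# Constructed sample input: one noisy client, one slow client, one unrelated line.
SAMPLE_LOG = [
    f"Apr 11 18:29:{47 + i:02d} host named[991]: client @0x7f0000000001 198.51.100.7#{40000 + i} "
    f"(ns2.example.com): query (cache) 'ns2.example.com/AAAA/IN' denied"
    for i in range(6)
] + [
    "Apr 11 18:30:10 host named[991]: client @0x7f0000000001 192.0.2.44#5353 (example.com): query (cache) 'example.com/NS/IN' denied",
    "Apr 11 18:32:10 host named[991]: client @0x7f0000000001 192.0.2.44#5354 (example.com): query (cache) 'example.com/NS/IN' denied",
    "Apr 11 18:32:11 host sshd[2211]: Connection closed by 203.0.113.9 port 50222",
]

if __name__ == "__main__":
    for ip, n in sorted(find_offenders(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} denied queries within 60s")
```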
