Discussion:
named: security: notice: denied query from [127.0.0.1]
(too old to reply)
Marty Kuhrt
2007-01-30 19:57:02 UTC
Permalink
Hiya,

I just noticed these messages in my operator.log...

named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN

where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.

So what does it mean?

Thanks,
Marty
Ken Connelly
2007-01-30 21:22:43 UTC
Permalink
have you limited recursion in your dns server to only your local network
(a good thing)? if so, you do need to allow the localhost (127.0.0.1)
to recursively query using your server or the machine running named
won't be able to find addresses for remote names.

- ken
Post by Marty Kuhrt
Hiya,
I just noticed these messages in my operator.log...
named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN
where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.
So what does it mean?
Thanks,
Marty
--
- Ken
=================================================================
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: ***@uni.edu p: (319) 273-5850 f: (319) 273-7373
Ralph Young
2007-01-30 21:20:23 UTC
Permalink
Do you have an allow-query statement defined in your options ?

-----Original Message-----

Hiya,

I just noticed these messages in my operator.log...

named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN

where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.

So what does it mean?

Thanks,
Marty
Bob Koehler
2007-01-30 21:58:30 UTC
Permalink
Post by Marty Kuhrt
Hiya,
I just noticed these messages in my operator.log...
named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN
where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.
So what does it mean?
Somebody is probing the security of your system. You have filters
in place which are blocking them. You have logging enabled to OPCOM.
Marty Kuhrt
2007-01-31 19:50:17 UTC
Permalink
Post by Bob Koehler
Post by Marty Kuhrt
Hiya,
I just noticed these messages in my operator.log...
named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN
where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.
So what does it mean?
Somebody is probing the security of your system.
no
Post by Bob Koehler
You have filters in place which are blocking them.
maybe
Post by Bob Koehler
You have logging enabled to OPCOM.
yes
Marty Kuhrt
2007-01-31 19:53:40 UTC
Permalink
Post by Marty Kuhrt
Hiya,
I just noticed these messages in my operator.log...
named: security: notice: denied query from [127.0.0.1].x for "gmail.com" IN
where x is some number that increases over time. The hostname
in the quotes changes as well, this is just one example.
So what does it mean?
Thanks,
Marty
The problem was a missing 127.0.0.1 in the internal acl in the
named.conf file. Prior to the MASTER_SERVER-020_A051 patch put
in place for DST changes, this was not a problem. After the
patch it started rejecting queries which SMTP and NTP (among
others) stop working. The update to named.conf to allow
127.0.0.1 fixed the problem.

Marty

Loading...