Hi,
for several days I have logs full of
type or pasjuil. 23 11:22:30 ucs named[9236]: client @0x7f64300d5b00 76.124.192.210#3453 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:30 ucs named[9236]: client @0x7f64300d5b00 50.91.3.71#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:32 ucs named[9236]: client @0x7f64300d5b00 50.91.3.71#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:38 ucs named[9236]: client @0x7f64300d5b00 24.71.26.126#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:43 ucs named[9236]: client @0x7f64300d5b00 69.249.50.99#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:43 ucs named[9236]: client @0x7f64300d5b00 71.251.154.137#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:43 ucs named[9236]: client @0x7f64300d5b00 24.71.26.126#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:22:44 ucs named[9236]: client @0x7f64300d5b00 71.251.154.137#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
here is the status of Bind9
type or paste code heresystemctl status bind9
● bind9.service - BIND Domain Name Server with samba4 backend
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/bind9.service.d
└─10-configure-backend.conf
Active: active (running) since Fri 2021-07-23 10:56:01 CEST; 7min ago
Docs: man:named(8)
Process: 9237 ExecStartPost=/usr/lib/univention-bind/samba4 wait-for-startup (code=exited, status=0/SUCCESS)
Main PID: 9236 (named)
Tasks: 7 (limit: 4915)
Memory: 38.4M
CGroup: /system.slice/bind9.service
└─9236 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d 0
juil. 23 11:03:04 ucs named[9236]: client @0x7f64300d5b00 76.124.192.210#27330 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:03:07 ucs named[9236]: client @0x7f64300d5b00 69.249.50.99#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
juil. 23 11:03:09 ucs named[9236]: client @0x7f64300d5b00 70.143.122.32#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Is it possible to block this?
perhaps by modifying RECURSIVE (caching) ?
/etc/bind/named.conf.proxy: allow-recursion { localhost; 10.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 192.168.0.0/16; fc00::/7; fe80::/10; localnets; };
/etc/bind/named.conf.samba4: allow-recursion { localhost; 10.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 192.168.0.0/16; fc00::/7; fe80::/10; localnets; };
maybe my configuration is not right