-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Per Jessen wrote:
Richard Creighton wrote:
Jul 24 09:22:05 raid5 named[3935]: client 195.135.220.2#32768: query 'ns1.ricreig.com/AAAA/IN' denied Jul 24 09:22:05 raid5 named[3935]: client 195.135.220.2#32768: query 'ns2.ricreig.com/AAAA/IN' denied Jul 24 09:22:05 raid5 named[3935]: client 195.135.221.2#32768: query 'ns1.ricreig.com/AAAA/IN' denied Jul 24 09:22:05 raid5 named[3935]: client 195.135.221.2#32768: query 'ns2.ricreig.com/AAAA/IN' denied Jul 24 09:22:06 raid5 named[3935]: client 195.135.220.15#32768: query 'ns1.ricreig.com/AAAA/IN' denied Jul 24 09:22:06 raid5 named[3935]: client 195.135.220.15#32768: query 'ns2.ricreig.com/AAAA/IN' denied Jul 24 09:22:06 raid5 named[3935]: client 195.135.220.15#32768: query 'ns1.ricreig.com/AAAA/IN' denied Jul 24 09:22:06 raid5 named[3935]: client 195.135.220.15#32768: query 'ns2.ricreig.com/AAAA/IN' denied
195.135.220.2 is a SUSE name or mail-server or both. 195.135.221.2 is a SUSE name server. 195.135.220.15 is a SUSE name server.
Why are you refusing that lookup? (I'm assuming 'ricreig.com' is your domain).
With your ban, you've prevented people from doing:
"dig @ns2.ricreig.com. ns1.ricreig.com. AAAA"
It's your choice of course ....
/Per Jessen, Zürich
Ouch! If this is hosting the authorative master zone for the domain this means you may have inadvertently broken your domain. I am not certain this is a choice in this case... I think it is possible to configure the DNS to act as a cache forwarder for local workstations, and to reply to requests for info about ricreig.com from external locations. It should also be possible to configure the logs so that the denied requests are kept in a separate log... While your original post indicated that you where more concerned about log sizes, you did not indicate that you were holding your own domain info. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGrFFRasN0sSnLmgIRAr2XAJ0QuWWIrNoAnMLfK88g5+HIVWGRdgCePTmf HgWOc3PTmBfghrJRDJn1fxE= =BI62 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org