Re: Logging on a Bind server

2020-10-20 Thread Chuck Aurora
On 2020-10-20 10:34, Borja Marcos wrote: On 20 Oct 2020, at 17:28, Rick Dicaire wrote: On Tue, Oct 20, 2020 at 10:17 AM wrote: Dear BIND-Users, Does someone has an idea, which log I have to activate. While everything Borja says below, and what Kevin said in the other subthread, is

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] Sorry to follow up on my own post, but I feel I should add a caveat about blocking IPs -- the resolution of ns2.honeypot.us could *change* over time, so an IP-based block might not be effective in the long term, and in fact might cause more harm than

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos
> On 20 Oct 2020, at 17:28, Rick Dicaire wrote: > > On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone has an idea, which log I have to activate. > > > Do you have querylog enabled? Querylog is not enough. It will tell you which clients are sending which

Re: Logging on a Bind server

2020-10-20 Thread Rick Dicaire
On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone has an idea, which log I have to activate. > Do you have querylog enabled? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: Why are no notifies send?

2020-10-20 Thread Sami Ait Ali Oulahcen via bind-users
On 10/20/20 3:54 PM, Axel Rau wrote: Am 20.10.2020 um 16:02 schrieb Sami Ait Ali Oulahcen >: I don't see the part where the acls are used. Yes, acls have nothing to do with the notify, instead they are used in an allow-transfer statement. Is "also-notify" meant

Re: Why are no notifies send?

2020-10-20 Thread Axel Rau
> Am 20.10.2020 um 16:02 schrieb Sami Ait Ali Oulahcen : > > I don't see the part where the acls are used. Yes, acls have nothing to do with the notify, instead they are used in an allow-transfer statement. > Is "also-notify" meant to be "allow-notify" ? No: From bind 9.16 ARM: also-notify

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] According to securitytrails.com (for instance), there are over 3,000 domains hosted on ns2.honeybot.us (securitytrails only shows the first few domains hosted -- to see more, one presumably needs a subscription to their service). If one of your clients

Logging on a Bind server

2020-10-20 Thread Senthan.Sivasundaram
Dear BIND-Users, We use in our environment a BIND Server. It works properly. One Day it came an alert from Cybereason (Antivirus-Software), that our Bind server tried to Connect to a suspicious domain "ns2.honeybot.us". But I couldn't find the log, which domain the BIND server was searching for,

Re: Why are no notifies send?

2020-10-20 Thread Sami Ait Ali Oulahcen via bind-users
I don't see the part where the acls are used. Is "also-notify" meant to be "allow-notify" ? On 10/20/20 12:55 PM, Axel Rau wrote: Using the IPv4 address of the dual stack notify receiver, works. Has anybody a working IPv6 notify address in use? Axel Am 16.10.2020 um 10:59 schrieb Axel Rau

Re: Why are no notifies send?

2020-10-20 Thread Axel Rau
Using the IPv4 address of the dual stack notify receiver, works. Has anybody a working IPv6 notify address in use? Axel > Am 16.10.2020 um 10:59 schrieb Axel Rau : > > Signierter PGP-Teil > Hi all, > > related parts from my named.conf: > - - - > include