store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Mon Jul 28, 2014 6:31 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Logwatch Unmatched Entries
Unread postPosted: Wed Mar 02, 2011 4:51 am 
Offline
Forum Regular
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
I have CentOS5 with ASL and Plesk 10.1.1

I've been ignoring some entries in the daily Logwatch with many thousands of mailcontroller entries that are similar to the extract below.

Quote:
**Unmatched Entries**
binding TCP socket: address in use: 2 Time(s)
client 109.105.211.209 query (cache) 'mx21.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx22.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx23.mailcontroller.co.uk/A/IN' denied: 1 Time(s)


and some others - again thousands of entries:

Quote:
connection refused resolving 'ns2.bbs.ro/AAAA/IN': 86.123.48.5#53: 8 Time(s)
connection refused resolving 'smokin.orbital.net/A/IN': 80.88.198.4#53: 1 Time(s)
connection refused resolving 'smokin.orbital.net/AAAA/IN': 80.88.198.4#53: 1 Time(s)
found 4 CPUs, using 4 worker threads: 2 Time(s)
host unreachable resolving '25.1.18.64.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
host unreachable resolving '25.44.236.222.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
network unreachable resolving '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/PTR/IN': 2001:500:86::86#53: 1 Time(s)
network unreachable resolving '1.18.0.187.in-addr.arpa/PTR/IN': 2001:470:d87a:3::2#53: 1 Time(s)
network unreachable resolving '10.132.127.174.in-addr.arpa/PTR/IN': 2607:f060:2::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:6b0:7::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)


Can anyone tell me if there is anything we should be be doing at server level to get rid of these entries on the logwatch?

Manythanks, in advance, as ever.


Top
 Profile  
 
 Post subject: Re: Logwatch Unmatched Entries
Unread postPosted: Sat Mar 03, 2012 6:48 am 
Offline
Forum Regular
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
I keep ignoring the Unmatched Entries, but the thousands daily keep showing. It does not seem to be affexting the delivery of emails in any way. Can someone advise?


Top
 Profile  
 
 Post subject: Re: Logwatch Unmatched Entries
Unread postPosted: Sat Mar 03, 2012 10:14 am 
Offline
Forum Regular
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 520
Location: United Kingdom
Those are unsuccessful DNS lookups for domains your server is not hosting. Do you use Plesk DNS or external? If external you can block port 53 (named) and this will drop them at the firewall level. If internal, you need to accept DNS lookups, so... not sure what to suggest...


Top
 Profile  
 
 Post subject: Re: Logwatch Unmatched Entries
Unread postPosted: Sun Mar 04, 2012 3:53 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
Thank you Kalimari
We use Plesk DNS so looks from what you say that there is little we can do about this.


Top
 Profile  
 
 Post subject: Re: Logwatch Unmatched Entries
Unread postPosted: Mon Mar 05, 2012 10:35 am 
Offline
Forum Regular
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 672
Your problem is that BIND, by default, logs into the general syslog. You can avoid this problem by telling BIND to make its own log file. Add this code to your named.conf

Code:
logging{
  channel simple_log {
    file "/log/named.log" versions 3 size 10m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};

Remember that the path to your log file is relative to your chroot (IIRC Plesk's bind-chroot package uses /var/named/run-root/ instead of /var/named/chroot/).

_________________
"Its not a mac. I run linux... I'm actually cool." - scott


Top
 Profile  
 
 Post subject: Re: Logwatch Unmatched Entries
Unread postPosted: Tue Mar 06, 2012 5:46 am 
Offline
Forum Regular
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
Thank you very much for that Highland


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group