saying
- Code: Select all
Feb 27 22:13:42 ecs03 named[1623]: client 62.109.4.89#31742: query (cache) './NS/IN' denied
i looked up this ipaddress
http://www.ip-adress.com/whois/62.109.4.89
IP address: 62.109.4.89
Host to this IP: invest-pool.ru [whois]
Country: ip address flag Luxembourg
see this site for an explanation of query (cache) denied message
http://www.reedmedia.net/misc/dns/errors.html
query (cache) denied
Aug 31 01:53:56 antelope named[157]: client 207.46.150.16#36789: query (cache)
denied
In this case, the server was supposed to be authoritative, but named was not configured as a slave (or master) for the zone. (Notice that the record asked about was not logged.) Some client resolvers give up when it didn't give an answer (and didn't try the other nameservers).
to block this site I added these lines to my iptables firewall
-A INPUT -s 62.109.4.89/32 -p tcp -m tcp --dport 53 -j REJECT
-A INPUT -s 62.109.4.89/32 -p udp -m udp --dport 53 -j REJECT