Source of syslog bind query denied message [closed]

What is the cause, and how can I stop this request on from my ip ( being continually repeated in /var/log/syslog?

Apr 14 20:37:10 named[1663]: client query (cache) '' denied

The server is a simple mail relay with postfix on Debian and I cannot find related actions in any logs, so fear it is an intrusion attempt.


named is the process name used by the Bind DNS server which can be configured to operate as either authoritative DNS server, recursive resolver, both, or even just a cache between client and recursive resolver.

The log message indicates that named has received a DNS query from the specified IP address and that named has refused to answer it. A response will be sent to the client indicating that the query was refused by your server.

The log line in your question is indication of a client looking for open resolvers. If you are running an authoritative only DNS server, those log lines are normal and harmless.

If all you want to run is a mail server and you don’t need a DNS server on this host, then you should disable named.

Source : Link , Question Author : Ole Juul , Answer Author : kasperd

Leave a Comment