Source of syslog bind query denied message [closed]

What is the cause, and how can I stop this request on example.com from my IP (xxx.xxx.xxx.xxx) being continually repeated in /var/log/syslog?

Apr 14 20:37:10 example.com named[1663]: client xxx.xxx.xxx.xxx#35295: query (cache) 'google.com/TXT/IN' denied

The server is a simple mail relay with postfix on Debian and I cannot find related actions in any logs, so I fear it is an intrusion attempt.

Answer

named is the process name used by the BIND DNS server, which can be configured to operate as either an authoritative DNS server, a recursive resolver, both, or even just a cache between client and recursive resolver.

The log message indicates that named has received a DNS query from the specified IP address and that named has refused to answer it. A response will be sent to the client indicating that the query was refused by your server.

The log line in your question is an indication of a client looking for open resolvers. If you are running an authoritative-only DNS server, those log lines are normal and harmless.

If all you want to run is a mail server and you don’t need a DNS server on this host, then you should disable named.
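
To see which clients are behind these refusals and what they keep asking for, the lines can be tallied per client. This is an added example, not part of the original answer; the function names, the threshold and the sample lines are constructed, and the optional "@0x..." and "(name)" fields are an assumption about the format newer BIND 9 releases log.

```python
import re
from collections import Counter, defaultdict

# Matches named's refusal line as quoted in the question. The optional
# "@0x..." and "(name)" groups cover the longer format logged by newer
# BIND 9 releases (assumption, not shown on the page).
DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)

def summarize_denied(lines):
    """Return {client_ip: Counter({(qname, qtype): count})} for refused queries."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = DENIED.search(line)
        if m:  # anything that is not a named refusal is skipped
            per_client[m["ip"]][(m["qname"].lower(), m["qtype"])] += 1
    return dict(per_client)

def repeat_probers(summary, threshold=3):
    """Clients with at least `threshold` refused queries, busiest first."""
    totals = {ip: sum(c.values()) for ip, c in summary.items()}
    return sorted((ip for ip, n in totals.items() if n >= threshold),
                  key=lambda ip: (-totals[ip], ip))

# Constructed sample lines (documentation address ranges), modelled on the
# line in the question; the last one is unrelated postfix noise.
SAMPLE = [
    "Apr 14 20:37:10 example.com named[1663]: client 192.0.2.10#35295: query (cache) 'google.com/TXT/IN' denied",
    "Apr 14 20:37:41 example.com named[1663]: client 192.0.2.10#35296: query (cache) 'google.com/TXT/IN' denied",
    "Apr 14 20:38:12 example.com named[1663]: client 192.0.2.10#41022: query (cache) 'google.com/TXT/IN' denied",
    "Apr 14 20:39:02 example.com named[1663]: client @0x7f3a4c0d1e20 198.51.100.7#5312 (example.org): query (cache) 'example.org/ANY/IN' denied",
    "Apr 14 20:39:05 example.com postfix/smtpd[2210]: connect from unknown[203.0.113.5]",
]

if __name__ == "__main__":
    summary = summarize_denied(SAMPLE)
    for ip in repeat_probers(summary):
        print(ip, dict(summary[ip]))
```

On a live host, pass the lines of /var/log/syslog to summarize_denied() instead of SAMPLE.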

Attribution
Source: Link, Question Author: Ole Juul, Answer Author: kasperd
