#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_named_refused.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
--- trunk~/config/filter.d/named-refused.conf	1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/named-refused.conf	2007-07-24 13:56:43.000000000 -0400
@@ -0,0 +1,33 @@
+# Fail2Ban configuration file for named (bind9). Trying to generalize the
+#          structure which is general to capture general patterns in log
+#          lines to cover different configurations/distributions
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision:  $
+#
+
+[Definition]
+
+# if you want to catch only login erros from specific daemons, use smth like
+#_named_rcodes=(?:REFUSED|SERVFAIL)
+# To catch all REFUSED queries only
+_named_rcodes=REFUSED
+_daemon=named
+
+#
+# Shortcuts for easier comprehension of the failregex
+__pid_re=(?:\[\d+\])
+__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
+__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+#       hostname       daemon_id         spaces
+__line_prefix=\s\S+ %(__daemon_combs_re)s\s+
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
+		    %(__line_prefix)sclient <HOST>#\S+: query\s*\(cache\) '.*' denied$
+
+
diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
--- trunk~/config/filter.d/named-refused.examples	1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/named-refused.examples	2007-07-24 13:57:18.000000000 -0400
@@ -0,0 +1,232 @@
+Jul 24 12:28:45 raid5 named[3935]: client 148.160.29.6#33081: query(cache) 'wolfsmensch.de/NS/IN' denied
+Jul 24 12:31:56 raid5 named[3935]: client 148.160.29.6#33081: query(cache) 'innomate.de/NS/IN' denied
+Jul 15 18:42:00 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.5#53
+Jul 15 18:42:01 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.4#53
+Jul 15 18:42:02 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.199.54.11#53
+Jul 15 18:42:03 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.199.0.132#53
+Jul 16 05:20:50 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'er-solution.de/NS/IN': 216.199.54.11#53
+Jul 16 05:20:51 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'er-solution.de/NS/IN': 216.14.208.5#53
+Jul 16 05:20:51 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'er-solution.de/NS/IN': 216.199.0.132#53
+Jul 16 05:20:52 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'er-solution.de/NS/IN': 216.14.208.4#53
+Jul 16 07:28:27 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'weisberg.de/NS/IN': 216.14.208.5#53
+Jul 16 07:28:28 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'weisberg.de/NS/IN': 216.199.54.11#53
+Jul 16 07:28:28 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'weisberg.de/NS/IN': 216.14.208.4#53
+Jul 16 07:28:29 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'weisberg.de/NS/IN': 216.199.0.132#53
+Jul 16 09:03:03 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 216.14.208.4#53
+Jul 16 09:03:04 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 216.14.208.5#53
+Jul 16 09:03:05 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 216.199.54.11#53
+Jul 16 09:03:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 216.199.0.132#53
+Jul 16 09:03:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 217.69.160.18#53
+Jul 16 09:03:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'schwaebischhall-tourismus.de/A/IN': 217.69.161.92#53
+Jul 16 11:17:05 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'joyfleming.de/A/IN': 216.14.208.4#53
+Jul 16 11:17:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'joyfleming.de/A/IN': 216.199.0.132#53
+Jul 16 11:17:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'joyfleming.de/A/IN': 216.199.54.11#53
+Jul 16 19:04:04 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'linkbanner.de/A/IN': 216.14.208.5#53
+Jul 16 19:04:05 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'linkbanner.de/A/IN': 216.14.208.4#53
+Jul 16 19:04:05 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'linkbanner.de/A/IN': 216.199.54.11#53
+Jul 16 19:04:06 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'linkbanner.de/A/IN': 216.199.0.132#53
+Jul 17 00:21:34 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'it-prosystems.de/NS/IN': 216.14.208.4#53
+Jul 17 00:21:35 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'it-prosystems.de/NS/IN': 216.14.208.5#53
+Jul 17 00:21:35 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'it-prosystems.de/NS/IN': 216.199.54.11#53
+Jul 17 00:21:36 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'it-prosystems.de/NS/IN': 216.199.0.132#53
+Jul 17 01:46:04 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 216.199.54.11#53
+Jul 17 01:46:06 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 216.14.208.4#53
+Jul 17 01:46:07 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 216.14.208.5#53
+Jul 17 01:46:08 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 216.199.0.132#53
+Jul 17 01:46:09 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 193.158.124.144#53
+Jul 17 01:46:09 raid5 named[3866]: lame server resolving 'vallone.de' (in 'vallone.de'?): 62.156.146.242#53
+Jul 17 01:46:09 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'vallone.de/A/IN': 193.158.124.143#53
+Jul 17 01:49:41 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'a-s-l.de/A/IN': 192.76.144.17#53
+Jul 17 01:49:41 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'a-s-l.de/A/IN': 194.128.171.100#53
+Jul 17 01:49:57 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'ns1.a-s-l.de/AAAA/IN': 194.128.171.100#53
+Jul 17 01:49:57 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'ns1.a-s-l.de/AAAA/IN': 192.76.144.17#53
+Jul 17 02:30:49 raid5 syslog-ng[2594]: STATS: dropped 0
+Jul 17 03:30:50 raid5 syslog-ng[2594]: STATS: dropped 0
+Jul 17 04:30:50 raid5 syslog-ng[2594]: STATS: dropped 0
+Jul 17 05:15:51 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'metal-fuer-alle.de/NS/IN': 216.199.0.132#53
+Jul 17 05:15:52 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'metal-fuer-alle.de/NS/IN': 216.14.208.4#53
+Jul 17 05:15:53 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'metal-fuer-alle.de/NS/IN': 216.199.54.11#53
+Jul 17 05:15:54 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'metal-fuer-alle.de/NS/IN': 216.14.208.5#53
+Jul 17 05:15:54 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'metal-fuer-alle.de/NS/IN': 212.78.206.21#53
+Jul 17 05:15:55 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'metal-fuer-alle.de/NS/IN': 212.78.192.249#53
+Jul 17 05:15:55 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'metal-fuer-alle.de/NS/IN': 212.78.206.22#53
+Jul 17 11:18:37 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 216.199.0.132#53
+Jul 17 11:18:38 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 216.199.54.11#53
+Jul 17 11:18:38 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 216.14.208.4#53
+Jul 17 11:18:39 raid5 named[3866]: unexpected RCODE (SERVFAIL) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 216.14.208.5#53
+Jul 17 11:18:39 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 192.76.144.15#53
+Jul 17 11:18:39 raid5 named[3866]: unexpected RCODE (REFUSED) resolving 'stadtkrankenhaus-ruesselsheim.de/A/IN': 194.128.171.101#53
+Jul 17 11:44:32 raid5 named[3866]: shutting down: flushing changes
+Jul 17 11:44:32 raid5 named[3866]: stopping command channel on 127.0.0.1#953
+Jul 17 11:44:32 raid5 named[3866]: stopping command channel on ::1#953
+Jul 17 11:44:32 raid5 named[3866]: no longer listening on ::#53
+Jul 17 11:44:32 raid5 named[3866]: no longer listening on 127.0.0.1#53
+Jul 17 11:44:32 raid5 named[3866]: no longer listening on 70.46.31.227#53
+Jul 17 11:44:32 raid5 named[3866]: exiting
+Jul 17 11:46:22 raid5 named[3800]: starting BIND 9.3.2 -t /var/lib/named -u named
+Jul 17 11:46:22 raid5 named[3800]: found 1 CPU, using 1 worker thread
+Jul 17 11:46:22 raid5 named[3800]: loading configuration from '/etc/named.conf'
+Jul 17 11:46:22 raid5 named[3800]: listening on IPv6 interfaces, port 53
+Jul 17 11:46:22 raid5 named[3800]: listening on IPv4 interface lo, 127.0.0.1#53
+Jul 17 11:46:22 raid5 named[3800]: listening on IPv4 interface eth0, 70.46.31.227#53
+Jul 17 11:46:23 raid5 named[3800]: command channel listening on 127.0.0.1#953
+Jul 17 11:46:23 raid5 named[3800]: command channel listening on ::1#953
+Jul 17 11:46:23 raid5 named[3800]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
+Jul 17 11:46:23 raid5 named[3800]: zone ricreig.com/IN: loaded serial 2007071302
+Jul 17 11:46:23 raid5 named[3800]: zone localhost/IN: loaded serial 42
+Jul 17 11:46:23 raid5 named[3800]: running
+Jul 17 12:23:08 raid5 named[3842]: unexpected RCODE (SERVFAIL) resolving 'lea-nrw.de/A/IN': 216.199.0.132#53
+Jul 17 12:23:08 raid5 named[3842]: unexpected RCODE (SERVFAIL) resolving 'lea-nrw.de/A/IN': 216.14.208.5#53
+Jul 17 12:23:09 raid5 named[3842]: unexpected RCODE (SERVFAIL) resolving 'lea-nrw.de/A/IN': 216.14.208.4#53
+Jul 17 12:23:09 raid5 named[3842]: unexpected RCODE (SERVFAIL) resolving 'lea-nrw.de/A/IN': 216.199.54.11#53
+Jul 17 12:23:10 raid5 named[3842]: lame server resolving 'lea-nrw.de' (in 'lea-nrw.de'?): 213.203.238.202#53
+Jul 17 12:23:10 raid5 named[3842]: lame server resolving 'lea-nrw.de' (in 'lea-nrw.de'?): 83.220.144.3#53
+Jul 17 16:06:51 raid5 named[3770]: unexpected RCODE (SERVFAIL) resolving 'linuxbox.de/A/IN': 217.160.113.11#53
+Jul 17 16:06:52 raid5 named[3770]: unexpected RCODE (SERVFAIL) resolving 'linuxbox.de/A/IN': 62.116.129.129#53
+Jul 17 16:06:52 raid5 named[3770]: unexpected RCODE (SERVFAIL) resolving 'linuxbox.de/A/IN': 69.64.50.226#53
+Jul 17 16:06:52 raid5 named[3770]: unexpected RCODE (SERVFAIL) resolving 'linuxbox.de/A/IN': 62.116.163.100#53
+Jul 17 16:36:48 raid5 named[3770]: shutting down: flushing changes
+Jul 17 16:36:48 raid5 named[3770]: stopping command channel on 127.0.0.1#953
+Jul 17 16:36:48 raid5 named[3770]: stopping command channel on ::1#953
+Jul 17 16:36:48 raid5 named[3770]: no longer listening on ::#53
+Jul 17 16:36:48 raid5 named[3770]: no longer listening on 127.0.0.1#53
+Jul 17 16:36:48 raid5 named[3770]: no longer listening on 70.46.31.227#53
+Jul 17 16:36:48 raid5 named[3770]: exiting
+Jul 17 23:02:06 raid5 named[3861]: unexpected RCODE (SERVFAIL) resolving 'diesel-motor-tuning.de/A/IN': 216.199.54.11#53
+Jul 17 23:02:06 raid5 named[3861]: unexpected RCODE (SERVFAIL) resolving 'diesel-motor-tuning.de/A/IN': 216.199.0.132#53
+Jul 17 23:02:07 raid5 named[3861]: unexpected RCODE (SERVFAIL) resolving 'diesel-motor-tuning.de/A/IN': 216.14.208.4#53
+Jul 17 23:02:07 raid5 named[3861]: unexpected RCODE (SERVFAIL) resolving 'diesel-motor-tuning.de/A/IN': 216.14.208.5#53
+Jul 17 23:02:08 raid5 named[3861]: lame server resolving 'diesel-motor-tuning.de' (in 'diesel-motor-tuning.de'?): 85.214.0.246#53
+Jul 17 23:02:08 raid5 named[3861]: lame server resolving 'diesel-motor-tuning.de' (in 'diesel-motor-tuning.de'?): 81.169.146.16#53
+Jul 18 05:43:33 raid5 named[3861]: stopping command channel on 127.0.0.1#953
+Jul 18 05:43:33 raid5 named[3861]: stopping command channel on ::1#953
+Jul 18 05:43:33 raid5 named[3861]: no longer listening on ::#53
+Jul 18 05:43:33 raid5 named[3861]: no longer listening on 127.0.0.1#53
+Jul 18 05:43:33 raid5 named[3861]: no longer listening on 70.46.31.227#53
+Jul 18 05:43:33 raid5 named[3861]: exiting
+Jul 18 05:45:19 raid5 named[3891]: starting BIND 9.3.2 -t /var/lib/named -u named
+Jul 18 05:45:19 raid5 named[3891]: found 1 CPU, using 1 worker thread
+Jul 18 05:45:19 raid5 named[3891]: loading configuration from '/etc/named.conf'
+Jul 18 05:45:19 raid5 named[3891]: listening on IPv6 interfaces, port 53
+Jul 18 05:45:19 raid5 named[3891]: listening on IPv4 interface lo, 127.0.0.1#53
+Jul 18 05:45:19 raid5 named[3891]: listening on IPv4 interface eth0, 70.46.31.227#53
+Jul 18 14:04:01 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'b-kr.de/A/IN': 216.199.54.11#53
+Jul 18 14:04:02 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'b-kr.de/A/IN': 216.14.208.4#53
+Jul 18 14:04:02 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'b-kr.de/A/IN': 216.199.0.132#53
+Jul 18 14:04:03 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'b-kr.de/A/IN': 216.14.208.5#53
+Jul 18 14:04:03 raid5 named[3891]: lame server resolving 'b-kr.de' (in 'b-kr.de'?): 85.214.0.232#53
+Jul 18 14:04:03 raid5 named[3891]: lame server resolving 'b-kr.de' (in 'b-kr.de'?): 81.169.146.20#53
+Jul 18 20:11:55 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'kwok.de/A/IN': 216.199.54.11#53
+Jul 18 20:11:55 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'kwok.de/A/IN': 216.14.208.5#53
+Jul 18 20:11:56 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'kwok.de/A/IN': 216.199.0.132#53
+Jul 18 20:11:57 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'kwok.de/A/IN': 216.14.208.4#53
+Jul 18 20:11:57 raid5 named[3891]: lame server resolving 'kwok.de' (in 'kwok.de'?): 85.214.0.247#53
+Jul 18 20:11:57 raid5 named[3891]: lame server resolving 'kwok.de' (in 'kwok.de'?): 81.169.146.29#53
+Jul 18 20:50:35 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'www.nrlmry.navy.mil/A/IN': 216.14.208.4#53
+Jul 18 20:51:38 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'www.nrlmry.navy.mil/A/IN': 216.14.208.4#53
+Jul 18 23:26:31 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'golgotha.de/A/IN': 216.14.208.5#53
+Jul 18 23:26:33 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'golgotha.de/A/IN': 216.14.208.4#53
+Jul 18 23:26:33 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'golgotha.de/A/IN': 216.199.54.11#53
+Jul 18 23:26:34 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'golgotha.de/A/IN': 216.199.0.132#53
+Jul 18 23:26:34 raid5 named[3891]: unexpected RCODE (REFUSED) resolving 'golgotha.de/A/IN': 217.195.32.108#53
+Jul 18 23:26:35 raid5 named[3891]: unexpected RCODE (REFUSED) resolving 'golgotha.de/A/IN': 81.3.2.142#53
+Jul 19 00:44:46 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 216.14.208.4#53
+Jul 19 00:44:47 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 216.199.0.132#53
+Jul 19 00:44:48 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 216.14.208.5#53
+Jul 19 00:44:51 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 216.199.54.11#53
+Jul 19 00:44:52 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 212.112.227.247#53
+Jul 19 00:44:52 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'dr-levien.de/NS/IN': 212.124.35.10#53
+Jul 19 00:59:02 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'requena.de/A/IN': 216.14.208.4#53
+Jul 19 00:59:03 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'requena.de/A/IN': 216.14.208.5#53
+Jul 19 00:59:03 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'requena.de/A/IN': 216.199.54.11#53
+Jul 19 00:59:04 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'requena.de/A/IN': 216.199.0.132#53
+Jul 19 00:59:05 raid5 named[3891]: lame server resolving 'requena.de' (in 'requena.de'?): 87.106.31.55#53
+Jul 19 02:32:35 raid5 mountd[3982]: authenticated unmount request from 70.46.31.226:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70.46.31.226:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:734 for /usr/share (/usr/share)
+Jul 19 02:32:58 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 02:32:59 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 02:32:59 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 02:32:59 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 02:32:59 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 02:32:59 raid5 mountd[3982]: authenticated unmount request from 70-46-31-226.orl.fdn.com:735 for /multimedia (/multimedia)
+Jul 19 03:40:14 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'scully.de/NS/IN': 216.199.54.11#53
+Jul 19 03:40:15 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'scully.de/NS/IN': 216.14.208.5#53
+Jul 19 03:40:16 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'scully.de/NS/IN': 216.199.0.132#53
+Jul 19 03:40:16 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'scully.de/NS/IN': 216.14.208.4#53
+Jul 19 03:40:16 raid5 named[3891]: lame server resolving 'scully.de' (in 'scully.de'?): 212.172.221.3#53
+Jul 19 03:40:17 raid5 named[3891]: lame server resolving 'scully.de' (in 'scully.de'?): 62.26.219.10#53
+Jul 19 05:37:37 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ladyluna.de/A/IN': 216.14.208.5#53
+Jul 19 05:37:37 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ladyluna.de/A/IN': 216.199.54.11#53
+Jul 19 05:37:37 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ladyluna.de/A/IN': 216.199.0.132#53
+Jul 19 05:37:39 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ladyluna.de/A/IN': 216.14.208.4#53
+Jul 19 05:37:39 raid5 named[3891]: lame server resolving 'ladyluna.de' (in 'ladyluna.de'?): 85.214.34.122#53
+Jul 19 05:37:39 raid5 named[3891]: lame server resolving 'ladyluna.de' (in 'ladyluna.de'?): 213.73.103.1#53
+Jul 19 07:10:07 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'theater-getuerkt.de/A/IN': 216.199.54.11#53
+Jul 19 07:10:09 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'theater-getuerkt.de/A/IN': 216.199.0.132#53
+Jul 19 07:10:10 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'theater-getuerkt.de/A/IN': 216.14.208.4#53
+Jul 19 07:10:12 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'theater-getuerkt.de/A/IN': 216.14.208.5#53
+Jul 19 08:27:29 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns1.softgroup.net/AAAA/IN': 216.199.0.132#53
+Jul 19 08:27:29 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns2.softgroup.net/AAAA/IN': 216.199.0.132#53
+Jul 19 08:27:29 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns1.softgroup.net/AAAA/IN': 216.14.208.5#53
+Jul 19 08:27:29 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns2.softgroup.net/AAAA/IN': 216.14.208.5#53
+Jul 19 08:27:30 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns1.softgroup.net/AAAA/IN': 216.199.54.11#53
+Jul 19 08:27:30 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns2.softgroup.net/AAAA/IN': 216.199.54.11#53
+Jul 19 08:27:30 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns1.softgroup.net/AAAA/IN': 216.14.208.4#53
+Jul 19 08:27:30 raid5 named[3891]: unexpected RCODE (SERVFAIL) resolving 'ns2.softgroup.net/AAAA/IN': 216.14.208.4#53
+Jul 19 08:27:30 raid5 named[3891]: FORMERR resolving 'ns1.softgroup.net/AAAA/IN': 64.14.244.254#53
+Jul 19 08:27:30 raid5 named[3891]: FORMERR resolving 'ns2.softgroup.net/AAAA/IN': 64.14.244.254#53
+Jul 19 08:27:30 raid5 named[3891]: FORMERR resolving 'ns1.softgroup.net/AAAA/IN': 64.34.46.254#53
+Jul 19 08:27:30 raid5 named[3891]: FORMERR resolving 'ns2.softgroup.net/AAAA/IN': 64.34.46.254#53
+Jul 21 05:30:45 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.5#53
+Jul 21 05:30:46 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.0.132#53
+Jul 21 05:30:47 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.54.11#53
+Jul 21 05:30:48 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.4#53
+Jul 21 05:30:48 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.22#53
+Jul 21 05:30:48 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.192.249#53
+Jul 21 05:30:48 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.21#53
+Jul 21 05:30:49 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.5#53
+Jul 21 05:30:50 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.54.11#53
+Jul 21 05:30:51 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.0.132#53
+Jul 21 05:30:52 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.4#53
+Jul 21 05:30:52 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.22#53
+Jul 21 05:30:52 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.21#53
+Jul 21 05:30:52 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.192.249#53
+Jul 21 05:30:53 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.5#53
+Jul 21 05:30:53 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.4#53
+Jul 21 05:30:54 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.54.11#53
+Jul 21 05:30:55 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.0.132#53
+Jul 21 05:30:55 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.22#53
+Jul 21 05:30:55 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.21#53
+Jul 21 05:30:56 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.192.249#53
+Jul 21 05:30:56 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.4#53
+Jul 21 05:30:57 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.14.208.5#53
+Jul 21 05:30:58 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.54.11#53
+Jul 21 05:30:59 raid5 named[11450]: unexpected RCODE (SERVFAIL) resolving 'losmac.de/NS/IN': 216.199.0.132#53
+Jul 21 05:30:59 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.22#53
+Jul 21 05:30:59 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.206.21#53
+Jul 21 05:30:59 raid5 named[11450]: unexpected RCODE (REFUSED) resolving 'losmac.de/NS/IN': 212.78.192.249#53
+
+
+
+
+
+However, anything in MY network 70.46.31.22? should be ignored (of course it wont be refused or have  RCODE etc either)
+
+Jul 20 20:01:05 raid5 named[10909]: client 70.46.31.227#1137: query: pop.gmail.com IN AAAA +
+Jul 20 20:01:05 raid5 named[10909]: client 70.46.31.227#1137: query: pop.gmail.com IN A +
+Jul 20 20:01:16 raid5 named[10909]: client 70.46.31.227#1137: query: www.ricreig.com IN AAAA +
+Jul 20 20:01:16 raid5 named[10909]: client 70.46.31.227#1137: query: www.ricreig.com.ricreig.com IN AAAA +
+Jul 20 20:01:16 raid5 named[10909]: client 70.46.31.227#1137: query: www.ricreig.com IN A +
+Jul 20 20:03:25 raid5 named[10909]: client 148.160.29.6#33079: query: kwg-store.de IN NS +
+Jul 20 20:03:28 raid5 named[10909]: client 148.160.29.10#34769: query: adv-ag.de IN A +
+Jul 20 20:03:31 raid5 named[10909]: client 70.46.31.227#1137: query: mail.ricreig.com IN AAAA +
+Jul 20 20:03:31 raid5 named[10909]: client 70.46.31.227#1137: query: mail.ricreig.com.ricreig.com IN AAAA +
+Jul 20 20:03:31 raid5 named[10909]: client 70.46.31.227#1137: query: mail.ricreig.com IN AAAA +
+Jul 20 20:03:31 raid5 named[10909]: client 70.46.31.227#1137: query: mail.ricreig.com.ricreig.com IN AAAA +
+Jul 20 20:03:32 raid5 named[10909]: client 70.46.31.227#1137: query: pop3.fdn.com IN A +
+Jul 20 20:03:32 raid5 named[10909]: client 70.46.31.227#1138: query: pop3.fdn.com IN AAAA +