Jan 12, 2018

quick and dirty hack to make BIND less verbose

In case you're providing DNS hosting in any form chances are one day you'll notice your syslog is flooded with messages like

Jan 12 17:34:27 pry-ns-vm1 named[6774]: client 74.125.xx.yy#41026: query (cache) 'deleted_domain.tld/A/IN' denied

Jan 12 17:34:27 pry-ns-vm1 named[6774]: client 74.125.xx.yy#56524: query (cache) 'deleted_domain.tld/A/IN' denied

Jan 12 17:34:28 pry-ns-vm1 named[6774]: client 61.50.zz.nn#51215: query (cache) 'deleted_domain.tld/A/IN' denied

Jan 12 17:34:29 pry-ns-vm1 named[6774]: client 61.50.zz.nn#49405: query (cache) 'deleted_domain.tld/A/IN' denied

This may be fixed with by adding following to your BIND config (as a top level section):

logging {
    category security { null; };
    channel default_syslog {
        syslog daemon;
        severity warning;
    };
};