fail2ban: improbe named-refused

fail2ban/filter.d/named-refused.conf

@@ -32,6 +32,11 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 failregex = error \(unexpected RCODE SERVFAIL\) resolving \'.*/IN\': <HOST>#53$
             error \(unexpected RCODE REFUSED\) resolving '.*/IN': <HOST>#53$
             error \(FORMERR\) resolving '.*/IN': <HOST>#53$
+            client <HOST>#.*: query \(cache\) '.*/IN' denied
+# Oct 16 03:08:38 ns4 named[4784]: client 121.14.142.9#43360 (37349.info): query (cache) '37349.info/ANY/IN' denied
+# http://www.zytrax.com/books/dns/ch7/queries.html
+# http://ab.16mb.com/2010/03/errors-dns/
+# https://kb.isc.org/article/AA-00503/0/Whats-the-difference-between-allow-query-cache-and-allow-recursion.html
 # named[24036]: DNS format error from 204.13.160.143#53 resolving ja.ru/MX for client 91.232.225.46#33549: Name ru (SOA) not subdomain of zone ja.ru -- invalid response
 #failregex = $
 

fail2ban/test.d/named-refused

 Oct 15 13:39:23 server named[4111]: error (unexpected RCODE REFUSED) resolving '158.107.4.210.in-addr.arpa/PTR/IN': 202.69.165.8#53
 Oct 15 13:38:34 server named[4111]: error (unexpected RCODE SERVFAIL) resolving '221.236.254.85.in-addr.arpa/PTR/IN': 193.0.9.6#53
 Oct 15 13:38:34 server named[4111]: error (FORMERR) resolving 'oreol.info/MX/IN': 207.189.109.119#53
+Oct 16 03:08:38 ns4 named[4784]: client 121.14.142.9#43360 (37349.info): query (cache) '37349.info/ANY/IN' denied
+Oct 16 04:35:47 ns4 named[8532]: client 180.218.34.12#9546 (ALT2.ASPMX.L.GOOGLE.COM): query (cache) 'ALT2.ASPMX.L.GOOGLE.COM/A/IN' denied
+#Oct 16 03:10:37 ns4 named[4784]: error (network unreachable) resolving 'bt.nnm-club.ru/AAAA/IN': 2001:470:26:482::2#53
\ No newline at end of file