Bind Error Unexpected Rcode Refused Resolving
What does "error (unexpected RCODE REFUSED)" mean?
Posted by Eric on 14 July 2015, 1:29 am

If you're seeing this in the /var/log/syslog on your BIND DNS server:

    Jul 14 00:56:13 kla-dns-01 named[8255]: error (unexpected RCODE REFUSED) resolving '75.1.33.112.in-addr.arpa/PTR/IN': 211.136.17.105#53

...it means that a client has asked your server to look up a domain name that your server didn't know about, and when it forwarded the request to its forwarders, the remote DNS server refused to respond.

A packet trace on your DNS server shows exactly what's happening:

    root@dns1:/# tcpdump -n -s 1514 -v 'port 53'
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes

    00:56:09.686771 IP (tos 0x0, ttl 62, id 44942, offset 0, flags [DF], proto UDP (17), length 70) 10.5.11.101.42237 > 10.0.10.10.53: 17985+ PTR? 75.1.33.112.in-addr.arpa. (42)

^… One of your clients sends a request to your DNS server asking for the reverse-IP request (a "PTR" request) for the domain-name corresponding to IP address 112.33.1.75 (expressed in reverse as "75.1.33.112.in-addr.arpa.")

    00:56:09.687284 IP (tos 0x0, ttl 64, id 28584, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.6374 > 10.0.0.2.53: 26305+% [1au] PTR? 75.1.33.112.in-addr.arpa. (53)

^… The DNS server forwards the reverse-IP request to its "upstream" forwarder DNS server, 10.0.0.2.

    00:56:12.218438 IP (tos 0x0, ttl 64, id 39251, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.27738 > 211.136.20.201.53: 63185% [1au] PTR? 75.1.33.112.in-addr.arpa. (53)

^… After 3 seconds without a reply, the server sends the request to its next forwarder, 211.136.20.201.

    00:56:13.018706 IP (tos 0x0, ttl 64, id 34335, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.37801 > 211.136.17.105.53: 55483% [1au] PTR? 75.1.33.112.in-addr.arpa. (53)

^… 800ms later, the server repeats the request to its forwarder, 211.136.17.105.

    00:56:13.251686 IP (tos 0x4, ttl 53, id 48502, offset 0, flags [none], proto UDP (17), length 81) 211.136.17.105.53 > 10.0.10.10.37801: 55483 Refused- 0/0/1 (53)

^… The "upstream" forwarder DNS responds with the answer it received, REFUSED!

Your DNS server then logs this rejection to syslog:

    Jul 14 00:56:13 kla-dns-01 named[8255]: error (unexpected RCODE REFUSED) resolving '75.1.33.112.in-addr.arpa/PTR/IN': 211.136.17.105#53

^… The log says that your server received a response code of "REFUSED" when it was trying to ask upstrea
http://www.ericshalov.com/2015/07/14/what-does-error-unexpected-rcode-refused-mean/

unexpected RCODE REFUSED - eating up log files
http://serverfault.com/questions/672566/unexpected-rcode-refused-eating-up-log-files

I have a website which I host myself, and I use bind9 as my DNS server (host my own nameservers etc.). I am having a problem with traffic bandwidth, and my syslog is full of the following type of issue:

    error (unexpected RCODE REFUSED) resolving 'target-express.com/AAAA/IN': 193.95.142.60#53
    error (unexpected RCODE REFUSED) resolving 'target-express.com/A/IN': 2001:7c8:3:2::5#53

In today's syslog, there are 144258 instances of this, all related to target-express.com. My questions are: is there anything I can do firewall-wise or bind config to stop this? Why would my bind setup be trying to resolve target-express.com (it's not my domain, nothing to do with me). I have checked my forwarders in named.conf, and none of them match the IPs showing in the logs (they are all basically different IPs, not just 193.95.142.60).

My iptables reads:

    Chain INPUT (policy ACCEPT)
    target     prot opt source      destination
    ACCEPT     all  --  anywhere    anywhere
    REJECT     all  --  anywhere    loopback/8    reject-with icmp-port-unreachable
    ACCEPT     all  --  anywhere    anywhere      state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere    anywhere      tcp dpt:http
    ACCEPT     tcp  --  anywhere    anywhere      tcp dpt:https
    ACCEPT     tcp  --  anywhere    anywhere      state NEW tcp dpt:ssh
    ACCEPT     udp  --  anywhere    anywhere      udp dpt:domain
    ACCEPT tcp -
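
Added example, not part of the original posts: for a syslog flooded with lines of the shape shown above, this Python summary counts REFUSED responses per queried name and per responding server, and lists the responders that are not in a forwarder list you pass in. The sample lines, host name and addresses are constructed; the function names and the `forwarders` parameter are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Shape: error (unexpected RCODE REFUSED) resolving '<name>/<type>/<class>': <server>#<port>
LINE_RE = re.compile(
    r"\(unexpected RCODE (?P<rcode>[A-Z]+)\) resolving "
    r"'(?P<qname>.+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)")

def parse_line(line):
    """Return the fields of one matching line, or None. The name is matched
    greedily, so a name that itself contains "/" still parses."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:  # normalise so one server written two ways is counted once
        rec["server"] = str(ipaddress.ip_address(rec["server"]))
    except ValueError:
        return None
    rec["qname"] = rec["qname"].lower()
    return rec

def summarize(lines, forwarders=(), rcode="REFUSED"):
    """Count errors per queried name and per responding server."""
    known = {str(ipaddress.ip_address(f)) for f in forwarders}
    by_name, by_server = Counter(), Counter()
    matches = [r for r in map(parse_line, lines) if r and r["rcode"] == rcode]
    for rec in matches:
        by_name[rec["qname"]] += 1
        by_server[rec["server"]] += 1
    return {
        "by_name": by_name.most_common(),
        "by_server": by_server.most_common(),
        "not_forwarders": sorted(s for s in by_server if s not in known),
    }

# Constructed sample lines (documentation names and addresses, not from the page).
P = "Jul 14 00:56:13 ns1 named[8255]: error (unexpected RCODE "
SAMPLE = [
    P + "REFUSED) resolving '75.2.0.192.in-addr.arpa/PTR/IN': 192.0.2.53#53",
    P + "REFUSED) resolving 'Example.COM/AAAA/IN': 198.51.100.7#53",
    P + "REFUSED) resolving 'example.com/A/IN': 2001:DB8::5#53",
    P + "SERVFAIL) resolving 'example.net/A/IN': 192.0.2.53#53",
    P + "REFUSED) resolving '0/25.2.0.192.in-addr.arpa/PTR/IN': 198.51.100.7#53",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, forwarders=["192.0.2.53"]))
```
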

Fixing "unexpected RCODE (SERVFAIL)" and "unexpected RCODE (REFUSED)"
Wed 26 Jan 2011 by mskala
Tags used: networking

This is another one where I searched the net, the answers I found were very unhelpful, and so I'm posting what worked for me for the benefit of anyone making similar searches.

The problem: new ADSL connection from MTS Allstream, which is the deregulated ghost of the Manitoba telecom monopoly.
Works pretty well, except they do that damn misguided "helpful" redirection of failed DNS requests to a search engine, thereby screwing up all non-Web activities that depend on the DNS actually working according to the protocol. They offer opt-out but that doesn't work. So I set up my own caching DNS server and everything seemed fine... except just a few Web sites wouldn't work. Always the same sites; little or no rhyme or reason to which ones they were. Penny Arcade, Weather Underground, the Canada Revenue Agency, and the CBC, were the most annoying examples. The browser would hang, trying to connect, forever. Digging through the sy