Bind Error Unexpected Rcode Servfail Resolving
Contents |
HCL Search Reviews Search ISOs Go to Page... LinuxQuestions.org > Forums > Linux Forums > Linux - Server BIND - Unexpected RCODE (SERVFAIL/REFUSED) errors User Name debian error unexpected rcode refused resolving Remember Me? Password Linux - Server This forum is for the discussion of
Bind9 Unexpected Rcode Refused
Linux Software used in a server related context. Notices Welcome to LinuxQuestions.org, a friendly and active Linux Community. You are
Named Error Unexpected Rcode Refused Resolving
currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other
Lame Servers Info Error Unexpected Rcode Refused Resolving
special features. Registration is quick, simple and absolutely free. Join our community today! Note that registered members see fewer ads, and ContentLink is completely disabled once you log in. Are you new to LinuxQuestions.org? Visit the following links: Site Howto | Site FAQ | Sitemap | Register Now If you have any problems with the registration process or your account login, please contact us. rcode refused dns If you need to reset your password, click here. Having a problem logging in? Please visit this page to clear all LQ-related cookies. Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter. For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own. Click Here to receive this Complete Guide absolutely free. Search this Thread 01-16-2008, 05:58 AM #1 beerfest LQ Newbie Registered: Jan 2008 Posts: 4 Rep: BIND - Unexpected RCODE (SERVFAIL/REFUSED) errors Hi all, My first post here and am looking for a little help. Have done a quick search and couldn'
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies lame server resolving of this site About Us Learn more about Stack Overflow the company Business error (formerr) resolving Learn more about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question category lame-servers {null;}; _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question http://www.linuxquestions.org/questions/linux-server-73/bind-unexpected-rcode-servfail-refused-errors-613942/ Anybody can answer The best answers are voted up and rise to the top unexpected RCODE REFUSED - eating up log files up vote 1 down vote favorite 1 I have a website which I host myself, and I use bind9 as my DNS server (host my own nameservers etc.). I am having a problem with traffic bandwidth, and my syslog is full http://serverfault.com/questions/672566/unexpected-rcode-refused-eating-up-log-files of the following type of issue: error (unexpected RCODE REFUSED) resolving 'target-express.com/AAAA/IN': 193.95.142.60#53 error (unexpected RCODE REFUSED) resolving 'target-express.com/A/IN': 2001:7c8:3:2::5#53 In today's syslog, there are 144258 instances of this, all related to target-express.com. My questions are: is there anything I can do firewall-wise or bind config to stop this? Why would my bind setup be trying to resolve target-express.com (it's not my domain, nothing to do with me). I have checked my forwarders in named.conf, and none of them match the IPs showing in the logs (they are all basically different IPs, not just 193.95.142.60). My iptables reads: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " REJECT al
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting http://serverfault.com/questions/37604/unexpected-rcodeservfail-causing-bind-to-crash ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Unexpected RCODE(SERVFAIL) causing bind to crash? up vote 0 down vote favorite Every two days or so, my server stops responding entirely to its services. unexpected rcode I can ping it, but I cannot use SSH so I have to go into my host's control panel and reset it. When it comes back up, the last log entry before the crash in /var/log/messages are variations on the following: named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53 Could this be a part of a DoS attack? I have not configured bind on this server and didn't think I'd need to (however naïve that may be). domain-name-system centos bind share|improve this question asked Jul error unexpected rcode 8 '09 at 11:13 Jonathan Prior 187312 add a comment| 3 Answers 3 active oldest votes up vote 0 down vote accepted Question first off: does it actually need the bind accessible to the outside world? If not, just block ingoing traffic on the DNS ports, and you're all set. But yes, indirectly this is part of an 'attack', as your mail server is probably trying to bounce back "user not found" mails to bogus servers. And do you have spamassassin running on your machine? If you're hit by a spamwave and the perl spamassassin is trying to handle all the mail, it might take down your system on unlucky configurations. share|improve this answer answered Jul 8 '09 at 12:10 towo 1,4451110 I've blocked external traffic to bind. I'll see if that clears up the problem in a couple of days. –Jonathan Prior Jul 8 '09 at 20:25 add a comment| up vote 1 down vote That syslog entry is most likely your machine trying to lookup the IP of a host that just connected to it. 193.0.0.193 is one of RIPE's DNS servers which are authoritative for part of the in-addr.arpa tree used to map from IP to hostname. It is exceedingly unlikely that these DNS queries are causing your machine to crash. It's far more likely to be the resource drain from whatever inbound traffic is indirectly causing the DNS lookups. It would be most useful for you to look at what inbound s