Error Unexpected Rcode Servfail Resolving
Contents |
Search HCL Search Reviews Search ISOs Go to Page... LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie DNS Issue error unexpected rcode refused [unexpected rcode (SERVFAIL)] User Name Remember Me? Password Linux - Newbie This
Named Error Unexpected Rcode Refused
Linux forum is for members that are new to Linux. Just starting out and have a question? lame servers error unexpected rcode refused If it is not in the man pages or the how-to's this is the place! Notices Welcome to LinuxQuestions.org, a friendly and active Linux Community. You are currently error (formerr) resolving viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today! Note that registered members see fewer ads, and ContentLink is completely disabled
Unexpected Rcode (servfail) From Master
once you log in. Are you new to LinuxQuestions.org? Visit the following links: Site Howto | Site FAQ | Sitemap | Register Now If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here. Having a problem logging in? Please visit this page to clear all LQ-related cookies. Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter. For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that
"error (unexpected RCODE REFUSED)" mean? Posted by Eric on 14 July 2015, 1:29 am If you're seeing this in the /var/log/syslog on lame server resolving your BIND DNS server: Jul 14 00:56:13 kla-dns-01 named[8255]: error rcode refused dns (unexpected RCODE REFUSED) resolving '75.1.33.112.in-addr.arpa/PTR/IN': 211.136.17.105#53 ..it means that a client has asked your server
Category Lame-servers {null;};
to look up a domain name that your server didn't know about, and when it forwarded the request to it's forwarders, the remote DNS server http://www.linuxquestions.org/questions/linux-newbie-8/dns-issue-%5Bunexpected-rcode-servfail-%5D-785246/ refused to respond. A packet trace on your DNS server shows exactly what's happening: root@dns1:/# tcpdump -n -s 1514 -v 'port 53' tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes 00:56:09.686771 IP (tos 0x0, ttl 62, id 44942, offset 0, flags [DF], proto UDP (17), length 70) http://www.ericshalov.com/2015/07/14/what-does-error-unexpected-rcode-refused-mean/ 10.5.11.101.42237 > 10.0.10.10.53: 17985+ PTR? 75.1.33.112.in-addr.arpa. (42) ^… One of your clients sends a request to your DNS server asking for the reverse-IP request (a "PTR" request) for the domain-name corresponding to IP address 112.33.1.75 (expressed in reverse as "75.1.33.112.in-addr.arpa.") 00:56:09.687284 IP (tos 0x0, ttl 64, id 28584, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.6374 > 10.0.0.2.53: 26305+% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… The DNS server forwards the reverse-IP request to it's "upstream" forwarder DNS server, 10.0.0.2. 00:56:12.218438 IP (tos 0x0, ttl 64, id 39251, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.27738 > 211.136.20.201.53: 63185% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… After 3 seconds without a reply, the server sends the request to it's next forwarder, 211.136.20.201. 00:56:13.018706 IP (tos 0x0, ttl 64, id 34335, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.37801 > 211.136.17.105.53: 55483% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… 800ms
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site http://serverfault.com/questions/37604/unexpected-rcodeservfail-causing-bind-to-crash About Us Learn more about Stack Overflow the company Business Learn more about hiring http://ansuz.sooke.bc.ca/entry/152 developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers unexpected rcode are voted up and rise to the top Unexpected RCODE(SERVFAIL) causing bind to crash? up vote 0 down vote favorite Every two days or so, my server stops responding entirely to its services. I can ping it, but I cannot use SSH so I have to go into my host's control panel and reset it. When it comes back up, the last log entry before the error unexpected rcode crash in /var/log/messages are variations on the following: named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53 Could this be a part of a DoS attack? I have not configured bind on this server and didn't think I'd need to (however naïve that may be). domain-name-system centos bind share|improve this question asked Jul 8 '09 at 11:13 Jonathan Prior 187312 add a comment| 3 Answers 3 active oldest votes up vote 0 down vote accepted Question first off: does it actually need the bind accessible to the outside world? If not, just block ingoing traffic on the DNS ports, and you're all set. But yes, indirectly this is part of an 'attack', as your mail server is probably trying to bounce back "user not found" mails to bogus servers. And do you have spamassassin running on your machine? If you're hit by a spamwave and the perl spamassassin is trying to handle all the mail, it might take down your system on unlucky configurations. share|improve this answer answered Jul 8 '09 at 12:10 towo 1,4451110 I've blocked external traffic to bind. I'll see if that clears up the problem in a couple of days. –Jonathan Prior Jul
arch art astrology astronomy audio ballad bandicoot cargo charity colour compsci conspiracy copenhagen copyright crossproduct crypto cthulhu dares divination dragon dreams drugs electronics employment environment fandom fiction finance games halloween hardware kde latex linguistics links linux livejournal math meta music myth networking occult odroid personal philosophy pivotx poetry politics pornography privacy programming psychology publishing pudding reference religion scifi security sex socialnet software sonnet spam tarot travel typography web webcomics winnipeg アニメ 作りましょう 写真 宗教 日本語 日記 食べ物 (all) Archives Oct 2016 Sep 2016 Jul 2016 May 2016 Apr 2016 Feb 2016 Dec 2015 Nov 2015 Aug 2015 Jun 2015 Jan 2015 Dec 2014 Nov 2014 Oct 2014 Sep 2014 Aug 2014 Jul 2014 Apr 2014 Mar 2014 Feb 2014 Dec 2013 Nov 2013 Aug 2013 Jul 2013 May 2013 Mar 2013 Jan 2013 Nov 2012 Oct 2012 Sep 2012 Aug 2012 Jul 2012 Jun 2012 May 2012 Apr 2012 Mar 2012 Feb 2012 Jan 2012 Dec 2011 Nov 2011 Oct 2011 Sep 2011 Aug 2011 Jul 2011 Jun 2011 May 2011 Apr 2011 Mar 2011 Feb 2011 Jan 2011 Dec 2010 Nov 2010 Oct 2010 Sep 2010 Aug 2010 Jul 2010 Jun 2010 May 2010 Apr 2010 Mar 2010 Jan 2010 Mar 2009 Jul 2008 Aug 2007 Nov 2005 Nov 2004 Aug 2004 Jun 2004 Dec 2003 Nov 2003 Aug 2002 Jun 2002 Oct 2001 Feb 1997 Dec 1969 Syndication « Typographical history of the T... | Home | New KDE, still broken » Fixing "unexpected RCODE (SERVFAIL)" and "unexpected RCODE (REFUSED)" Wed 26 Jan 2011 by mskala Tags used: networking This is another one where I searched the net, the answers I found were very unhelpful, and so I'm posting what worked for me for the benefit of anyone making similar searches. The problem: new ADSL connection from MTS Allstream, which is the deregulated ghost of the Manitoba telecom monopoly. Works pretty well, except they do that damn misguided "helpful" redirection of failed DNS requests to a search engine, thereby screwing up all non-Web activities that depend on the DNS actually working according to the protocol. They offer opt-out but that doesn't work. So I set up my own caching DNS server and everything seemed fine... except just a few Web sites wouldn't work. Always the same sites; little or no rhyme or reason to which ones they were. Penny Arcade, Weather Underground, the Canada Revenue Agency, and the CBC, were the most annoying examples. The browser would hang, trying to connect, forever. Digging through the system logs revealed lines like these: Jan 25 11:34:38 tetsu named[1613]: unexpected RCODE (SERVFAIL) resolving 'art.penny-arcade.com/A/IN': 72.52.2.1#53 Jan 25 11:37:55 tetsu named[1613]: unexpected RC