Lame-servers Error Unexpected Rcode Servfail Resolving
Contents |
Bind logs? named[xxxxxx]: unexpected RCODE (REFUSED) resolving ‘xx.xx.xx.xx.in-addr.arpa/PTR/IN': xxx.xxx.xxx.xxx#53 This is probably because you have a forwarder in your named.conf that refuse your requests. Simply look at the end of named error (unexpected rcode refused) resolving the previous line : "xxx.xxx.xxx.xxx#53" and search this address in your category lame-servers {null;}; named configuration file - it should be located inside the forwarders : Shell forwarders { xxx.xxx.xxx.xxx; }; 1 error (formerr) resolving forwarders { xxx.xxx.xxx.xxx; }; You need to remove or comment this host to get rid of the error in log or allow your host to query this server unexpected rcode (servfail) from master if it belongs to you! Tip : To make sure the remote DNS server you are trying to query is refusing your request, you can try to DIG a host like this replacing the domain and IP to meet your situation : Shell dig domain.tld @xxx.xxx.xxx.xxx 1 dig domain.tld @xxx.xxx.xxx.xxx Be Sociable, Share! Tweet Category: Servers About
Lame Server Resolving
Kaven G. System Engineer / Network Administrator View all posts by Kaven G. → Post navigation ← Bind : Transfer of ‘domain.tld' from xx.xx.xx.xx#53 failed receiving responses permission denied Linux : Error running command require /proc could not read procfs → ITechLounge.netLinux : Change installation and boot video resolution on CentOS/RHEL 7 Search for: Categories Downloads ITechLounge Mac Multimedia Networking Operating Systems PC Security Servers Storage Virtualization Web Tools.ITechLounge.net |-> BandwidthTest |-> GetMyIP |-> NS Lookup |-> Ping |-> TraceRoute |-> Whois Recent Posts Linux : Change installation and boot video resolution on CentOS/RHEL 7 IOS : Extended VLAN(s) not allowed in current VTP mode Linux : Port forwarding with IPtables Mac : Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 Windows : How to enable the Administrator account in Windows Home Edition Archives Archives Select Month October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 Se
"error (unexpected RCODE REFUSED)" mean? Posted by Eric on 14 July 2015, 1:29 am If you're seeing this in the /var/log/syslog on your BIND DNS server: Jul 14 00:56:13 kla-dns-01 named[8255]: error (unexpected RCODE REFUSED) resolving
Rcode Refused Dns
'75.1.33.112.in-addr.arpa/PTR/IN': 211.136.17.105#53 ..it means that a client has asked your server to look dns lame server up a domain name that your server didn't know about, and when it forwarded the request to it's forwarders, error (network unreachable) resolving the remote DNS server refused to respond. A packet trace on your DNS server shows exactly what's happening: root@dns1:/# tcpdump -n -s 1514 -v 'port 53' tcpdump: listening on eth0, link-type EN10MB http://www.itechlounge.net/2011/12/bind-unexpected-rcode-refused-resolving-xx-xx-xx-xx-in-addr-arpaptrin/ (Ethernet), capture size 1514 bytes 00:56:09.686771 IP (tos 0x0, ttl 62, id 44942, offset 0, flags [DF], proto UDP (17), length 70) 10.5.11.101.42237 > 10.0.10.10.53: 17985+ PTR? 75.1.33.112.in-addr.arpa. (42) ^… One of your clients sends a request to your DNS server asking for the reverse-IP request (a "PTR" request) for the domain-name corresponding to IP address 112.33.1.75 (expressed in reverse as "75.1.33.112.in-addr.arpa.") 00:56:09.687284 IP http://www.ericshalov.com/2015/07/14/what-does-error-unexpected-rcode-refused-mean/ (tos 0x0, ttl 64, id 28584, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.6374 > 10.0.0.2.53: 26305+% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… The DNS server forwards the reverse-IP request to it's "upstream" forwarder DNS server, 10.0.0.2. 00:56:12.218438 IP (tos 0x0, ttl 64, id 39251, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.27738 > 211.136.20.201.53: 63185% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… After 3 seconds without a reply, the server sends the request to it's next forwarder, 211.136.20.201. 00:56:13.018706 IP (tos 0x0, ttl 64, id 34335, offset 0, flags [none], proto UDP (17), length 81) 10.0.10.10.37801 > 211.136.17.105.53: 55483% [1au] PTR? 75.1.33.112.in-addr.arpa. (53) ^… 800ms later, the server repeats the request to it's forwarder, 211.136.17.105. 00:56:13.251686 IP (tos 0x4, ttl 53, id 48502, offset 0, flags [none], proto UDP (17), length 81) 211.136.17.105.53 > 10.0.10.10.37801: 55483 Refused- 0/0/1 (53) ^ … The "upstream" forwarder DNS responds with the answer it received, REFUSED! Your DNS server then logs this rejection to syslog: Jul 14 00:56:13 kla-dns-01 named[8255]: error (unexpected RCODE REFUSED) resolving '75.1.33.112.in-addr.arpa/PTR/IN': 211.136.17.105#53 ^… The log says that your server received a response code of "REFUSED" when it was
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site http://serverfault.com/questions/438235/what-is-the-meaning-of-these-bind-log-messages About Us Learn more about Stack Overflow the company Business Learn more about hiring https://lists.isc.org/pipermail/bind-users/2012-October/088831.html developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers unexpected rcode are voted up and rise to the top What is the meaning of these BIND log messages? up vote 1 down vote favorite 2 Please clarify for me the meaning of the following BIND messages in syslog, these are from a DNS resolver. Whilst I think I understand them, I don't know what all four mean, so I think it's best if someone will clarify for lame-servers error unexpected me: 1. Oct 14 18:36:34 resolver1 named[14958]: lame server resolving 'arrivatn.co.uk' (in 'arrivatn.co.uk'?): 212.103.224.56#53 2. Oct 14 18:36:36 resolver1 named[14958]: unexpected RCODE (SERVFAIL) resolving '148.128.183.212.in-addr.arpa/PTR/IN': 212.183.136.42#53 3. Oct 14 18:38:49 resolver1 named[14958]: unexpected RCODE (REFUSED) resolving 'internal-server.ournetwork.com/AAAA/IN': auth.dns.server.ip#53 4. Oct 14 18:39:05 resolver1 named[14958]: client 89.187.127.110#42034: query (cache) 'image.sinajs.cn/A/IN' denied Thank you. logging bind share|improve this question edited Oct 15 '12 at 8:05 asked Oct 14 '12 at 17:50 jwbensley 2,47463664 add a comment| 1 Answer 1 active oldest votes up vote 9 down vote accepted The nameserver it contacted was expected to be authoritative but isn't. The nameserver responded with a SERVFAIL error code. The nameserver responded with a REFUSED error code. The client was denied access to read the cached response for that domain. 1-3 are issues with the configuration of the nameserver for the domains/zones in question, #4 is caused by your local security configuration restricting the (probably remote, unauthorized) from reading from your local query cache. (Reading said cache remotely may allow certain kinds of attacks, so generally speaking you don't allow this unless you're providing a recursive resolver.) All of these errors are fairly normal, however, if your resolver is just for loc
] [ subject ] [ author ] There's more: both ns1.netbcp.com and ns2.netbcp.net don't respond to queries about nbc.com and ns1.netbcp.com doesn't respond over TCP. Frank From: bind-users-bounces+frnkblk=iname.com at lists.isc.org [mailto:bind-users-bounces+frnkblk=iname.com at lists.isc.org] On Behalf Of Kevin Darcy Sent: Friday, October 12, 2012 12:48 PM Cc: bind-users at lists.isc.org Subject: Re: error (unexpected RCODE REFUSED) resolving OK, so your nbc.com/A resolving error doesn't really have anything to do with the nameservers you included in your original post. It does appear, however, that ns2.netbcp.net (205.173.93.213) is refusing requests generally for the nbc.com domain: $ dig nbc.com +buf=4096 +norec @ns2.netbcp.net ; <<>> DiG 9.4.3-P3 <<>> nbc.com +buf=4096 +norec @ns2.netbcp.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1019 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;nbc.com. IN A ;; Query time: 30 msec ;; SERVER: 205.173.93.213#53(205.173.93.213) ;; WHEN: Fri Oct 12 13:44:56 2012 ;; MSG SIZE rcvd: 36 ns1.netbcp.com appears to be doing the same thing. Not known whether this is something temporary (performing maintenance?), or something permanent (provider's contract lapsed, but customer never updated delegations). In any case, you have enough working authoritative nameservers for the domain, so it'll continue to resolve for you... - Kevin On 10/12/2012 1:35 PM, James Tingler wrote: I don't think that I am. I only define internal forwarders for internal zones as needed. For my root hint, standard configuration: Named.conf zone "." { type hint; file "named.ca"; Named.ca: ; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420 ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET.