Named Error Unexpected Rcode Servfail Resolving
Contents |
Bind logs? named[xxxxxx]: unexpected RCODE (REFUSED) resolving ‘xx.xx.xx.xx.in-addr.arpa/PTR/IN': xxx.xxx.xxx.xxx#53 This is probably because you have a forwarder in your named.conf that refuse your requests. error (formerr) resolving Simply look at the end of the previous line :
Unexpected Rcode (servfail) From Master
"xxx.xxx.xxx.xxx#53" and search this address in your named configuration file - it should be located inside
Lame Server Resolving
the forwarders : Shell forwarders { xxx.xxx.xxx.xxx; }; 1 forwarders { xxx.xxx.xxx.xxx; }; You need to remove or comment this host to get rid of
Rcode Refused Dns
the error in log or allow your host to query this server if it belongs to you! Tip : To make sure the remote DNS server you are trying to query is refusing your request, you can try to DIG a host like this replacing the domain and IP to meet your category lame-servers {null;}; situation : Shell dig domain.tld @xxx.xxx.xxx.xxx 1 dig domain.tld @xxx.xxx.xxx.xxx Be Sociable, Share! Tweet Category: Servers About Kaven G. System Engineer / Network Administrator View all posts by Kaven G. → Post navigation ← Bind : Transfer of ‘domain.tld' from xx.xx.xx.xx#53 failed receiving responses permission denied Linux : Error running command require /proc could not read procfs → ITechLounge.netLinux : Change installation and boot video resolution on CentOS/RHEL 7 Search for: Categories Downloads ITechLounge Mac Multimedia Networking Operating Systems PC Security Servers Storage Virtualization Web Tools.ITechLounge.net |-> BandwidthTest |-> GetMyIP |-> NS Lookup |-> Ping |-> TraceRoute |-> Whois Recent Posts Linux : Change installation and boot video resolution on CentOS/RHEL 7 IOS : Extended VLAN(s) not allowed in current VTP mode Linux : Port forwarding with IPtables Mac : Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 Windows : How to enable the Administr
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site dns lame server About Us Learn more about Stack Overflow the company Business Learn more about error (network unreachable) resolving hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is bind disable ipv6 a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best http://www.itechlounge.net/2011/12/bind-unexpected-rcode-refused-resolving-xx-xx-xx-xx-in-addr-arpaptrin/ answers are voted up and rise to the top unexpected RCODE REFUSED - eating up log files up vote 1 down vote favorite 1 I have a website which I host myself, and I use bind9 as my DNS server (host my own nameservers etc.). I am having a problem with traffic bandwidth, and my syslog is full of the following type of issue: error (unexpected http://serverfault.com/questions/672566/unexpected-rcode-refused-eating-up-log-files RCODE REFUSED) resolving 'target-express.com/AAAA/IN': 193.95.142.60#53 error (unexpected RCODE REFUSED) resolving 'target-express.com/A/IN': 2001:7c8:3:2::5#53 In today's syslog, there are 144258 instances of this, all related to target-express.com. My questions are: is there anything I can do firewall-wise or bind config to stop this? Why would my bind setup be trying to resolve target-express.com (it's not my domain, nothing to do with me). I have checked my forwarders in named.conf, and none of them match the IPs showing in the logs (they are all basically different IPs, not just 193.95.142.60). My iptables reads: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination REJE
Start here for a quick overview of the site Help Center Detailed answers to any questions you http://serverfault.com/questions/438235/what-is-the-meaning-of-these-bind-log-messages might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/44481/unexpected-rcode-refused posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. unexpected rcode Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top What is the meaning of these BIND log messages? up vote 1 down vote favorite 2 Please clarify for me the meaning of named error unexpected the following BIND messages in syslog, these are from a DNS resolver. Whilst I think I understand them, I don't know what all four mean, so I think it's best if someone will clarify for me: 1. Oct 14 18:36:34 resolver1 named[14958]: lame server resolving 'arrivatn.co.uk' (in 'arrivatn.co.uk'?): 212.103.224.56#53 2. Oct 14 18:36:36 resolver1 named[14958]: unexpected RCODE (SERVFAIL) resolving '148.128.183.212.in-addr.arpa/PTR/IN': 212.183.136.42#53 3. Oct 14 18:38:49 resolver1 named[14958]: unexpected RCODE (REFUSED) resolving 'internal-server.ournetwork.com/AAAA/IN': auth.dns.server.ip#53 4. Oct 14 18:39:05 resolver1 named[14958]: client 89.187.127.110#42034: query (cache) 'image.sinajs.cn/A/IN' denied Thank you. logging bind share|improve this question edited Oct 15 '12 at 8:05 asked Oct 14 '12 at 17:50 jwbensley 2,47463664 add a comment| 1 Answer 1 active oldest votes up vote 9 down vote accepted The nameserver it contacted was expected to be authoritative but isn't. The nameserver responded with a SERVFAIL error code. The nameserver responded with a REFUSED error code. The client was denied access to read the cached response for that domain. 1-3 are
Home Sophos UTM 9 Sophos XG Firewall Web Appliance General Malware [Beta] Malware Course Sophos Intercept X Sophos Wireless Knowledge Base Blog Sophos UTM 9 Web Protection: Web Filtering… unexpected RCODE (REFUSED… UTM 9 Release Notes UTM Wiki Knowledge Base Sub-Groups Cancel This group requires membership for participation - click to join Thread Info State Not Answered Date techuser Date 13 Mar 2010 2:52 PM Replies 6 replies Subscribers 1 subscriber Views 626 views English Suggested Have a cool product idea or improvement? We'd love to hear about it! Click here to go to the product suggestion community unexpected RCODE (REFUSED) HiwhatisthemeaningofthesemessagesintheDNSlogfileunexpectedRCODE(REFUSED)resolving'www-google-analytics.l.google.com/A/IN':ipaddress#53unexpectedRCODE(REFUSED)resolving'cffs09.astaro.com/A/IN':ipaddress#53unexpectedRCODE(REFUSED)resolving'cffs04.astaro.com/AAAA/IN':ipaddress#53theipaddressistheISPproxytheproblemiswhenthismessageappearswecan'taccesstheinternetThanks Cancel BAlfson 0 13 Mar 2010 5:25 PM Ihaven'tseenthis.Normally,Ionlysee"RCODE(REFUSED)resolving"messageswheretheSMTPProxyrejectedanemailbecausethesender'sdomainfailedtheRDNStest.I'llguessthatyour'ContentFilter(HTTP)'logshowsblockedsurfrequestsatthesametime. HaveyoutriedusingotherDNSservices?WeuseOpenDNS(208.67.220.220&208.67.222.222).YoualsomighttrytheGooglepublicservers(8.8.8.8&8.8.4.4). Cheers-Bob techuser 0 14 Mar 2010 1:12 PM In reply to BAlfson: HaveyoutriedusingotherDNSservices?WeuseOpenDNS(208.67.220.220&208.67.222.222).YoualsomighttrytheGooglepublicservers(8.8.8.8&8.8.4.4).Cheers-BobyesItriedopenDNSbutstillthesameproblemIsearchedthiserroranditseemsthatifthesizeoftheudppacketisbiggerthan512bytesthefirewallorproxycan'thandleitbutIdon'tknowhowtofixit BAlfson 0 14 Mar 2010 3:32 PM I'dbesurprisedtolearnifthat'stheproblemasIhaven'tseenthisbeforewhenusingtheHTTPProxy.Ifyoususpectthatit'sthistypeofissue,isitpossibleyouhaveanMTUmismatch?MaybeyouhaveaNICthat'sdying? crum66 0 18 Feb 2012 10:17 PM IhadthesameproblemonmyAstaroserverandfoundthatmyproblemwastheMTUvalueonmyinterface.Thisarticlehelpedmefigureitout--Fixing"unexpectedRCODE(SERVFAIL)"and"unexpectedRCODE(REFUSED)"-Ansuz-mskala'shomepage scottj_01 0 25 Aug 2012 10:36 PM In reply to crum66: All- DNSUDPpacketsizemaybeafactorinsomeofthercoderefusedmessages.Pleaseseeenclosedlink.Howeverexceedigthesizeisapparentlycommon. RFC5966-DNSTransportoverTCP-Implemen