DNS log analysis , what might be the regions?
william at elan.net
william at elan.net
Thu Dec 1 06:59:44 UTC 2005
Stephane Bortzmeyer wrote:
> On Wed, Nov 30, 2005 at 08:53:26PM +0545,
> Shishir Saud <shishir at subisu.net.np> wrote
> a message of 22 lines which said:
>
> > what might be the regions for this ?
>
> You mean the reasons?
>
> > unexpected RCODE (SERVFAIL) resolving
> > '1.95.28.83.combined-HIB.dnsiplists.completewhois.com/A/IN':
> > 64.68.11.11#53
There was an attack in the morning. Error code means none of the name
servers responded in time.
> Genuinely broken domain.
>
> % check_soa dnsiplists.completewhois.com
Absense of SOA would not cause RCODE2
> There was no response from dnsl2.completewhois.com
> There was no response from dnsl1.completewhois.com
> There is no name server running on dnsl3.completewhois.com
rbldnsd does not seem to add soa for root of the actual loaded zones,
but zones themselve have soa records, i.e.
$dig soa 1.95.28.83.combined-HIB.dnsiplists.completewhois.com
...
combined-HIB.dnsiplists.completewhois.com. 3600 IN SOA
comments.completewhois.c
om. dnsl2.completewhois.com. 1133419520 7200 7200 604800 3600
;; Received 121 bytes from 64.68.11.11#53(dnsl2.completewhois.com) in 0
ms
> > unexpected RCODE (SERVFAIL) resolving 'mistyuk2.biafuru.net/MX/IN':
> > 216.198.199.201#53
>
> Genuinely broken domain.
>
> % check_soa biafuru.net
> There was no response from ns4.webminders.com
> There was no response from ns3.webminders.com
More information about the bind-users
mailing list