How to Stop the "unexpected RCODE (SERVFAIL)" Messages?

imacat imacat at mail.imacat.idv.tw
Sun Feb 5 16:13:30 UTC 2006 

On Sat, 4 Feb 2006 22:12:12 +0100
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Sun, Feb 05, 2006 at 02:13:47AM +0800,
>  imacat <imacat at mail.imacat.idv.tw> wrote 
> > imacat at rinse ~ % grep 'unexpected RCODE (SERVFAIL)' /var/log/messages |
> > grep '^Feb  4 21:'
> > Feb  4 21:00:32 rinse named[2037]: unexpected RCODE (SERVFAIL) resolving
> > '194.183.255.216.in-addr.arpa/PTR/IN': 127.0.0.1#50053
> ...
> > My syslog file is growing up enormously,
> > and I feel the life-span of my root harddisk shortened on every scratch. 
> Reading the source code of BIND (because I cannot find it in the
> documentation), it seems that this message is logged in the category
> "lame-servers". So, adding:
> logging {
>         category lame-servers { null; };
> You can read the BIND ARM to learn more about categories and
> logging. See chapter "logging Statement Grammar", which includes a
> table of available categories.
    It works!  It's magic!  It's a miracle! *^_^*

    Sorry I forgot that BIND ARM might have an answer.  Actually, now
that you are talking about "lame-servers", I remembered this.  Some how
I heard of it years ago, I did not disable it, because I was told to be
supposed to be solving the problem instead of supressing the error
messages.

    I have digged into the source.  I found that disabling "lame-servers"
will also disable other type of "lame-servers" messages, too.  I'm a
little concerned to this.  I do not want to supress error messages of my
own servers.  But currently, I have to save my harddisk by doing so, or
my harddisk will die sooner or later.  My harddisk is of more importance.

    Is there any BIND member talking care of this DoS issue?  Maybe a
new category, say, "remote-lame-servers"?

    In fact, it's interesting that I got 1/5 of the syslog messages that
are "unexpect RCODE (SERVFAIL)".  And I haven't got any other RCODE
other than SERVFAIL.  I got no "unexpected OPCODE", too.

imacat at rinse ~ % gunzip -c messages.200601.gz| wc -l
286007
imacat at rinse ~ % gunzip -c messages.200601.gz| grep 'unexpected RCODE
(SERVFAIL)' | wc -l
46724
imacat at rinse ~ % gunzip -c messages.200601.gz| grep 'unexpected RCODE' |
grep -v SERVFAIL | wc -l
0
imacat at rinse ~ % gunzip -c messages.200601.gz| grep 'unexpected OPCODE'
| wc -l
0
imacat at rinse ~ %

--
Best regards,
imacat ^_*' <imacat at mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug

More information about the bind-users mailing list