Logwatch Unmatched Entries

Eric Paulsen epaulsen at smls.org
Sat Aug 15 23:13:59 UTC 2009


I've recently moved our DNS from FreeBSD 4 / Bind8 to CentOS 5.3  
Bind9.4.3. These are not authoritative for any routable domains but  
are for my NAT'd school network. I have an AD server (10.1.60.11) that  
forwards to my two Bind servers. I receive the logwatch each night and  
have some questions.

1) Zone update refused from my windows workstations.

Zone update refused:
    10.1.60.11 (60.1.10.IN-ADDR.ARPA/IN): 24 Time(s)
    10.1.60.11 (smls.org/IN): 48 Time(s)
    10.1.60.122 (smls.org/IN): 4 Time(s)
    10.1.60.82 (smls.org/IN): 8 Time(s)
    10.1.60.84 (smls.org/IN): 12 Time(s)
    10.1.60.85 (smls.org/IN): 15 Time(s)
    10.1.60.89 (smls.org/IN): 1 Time(s)

What are these machines trying to do?

2) Unmatched Entries

chase DS servers resolving '165.55.65.in-addr.arpa/DS/IN':  
65.55.226.140#53: 21 Time(s)
    must-be-secure resolving '205.in-addr.arpa.dlv.isc.org/DLV/IN':  
199.6.0.29#53: 1 Time(s)
    must-be-secure resolving '216.in-addr.arpa.dlv.isc.org/DLV/IN':  
149.20.64.4#53: 1 Time(s)
    no valid DS resolving '187.37.55.65.in-addr.arpa/PTR/IN':  
68.115.71.53#53: 1 Time(s)
    no valid DS resolving '2.16.11.168.in-addr.arpa/PTR/IN':  
68.115.71.53#53: 1 Time(s)
    no valid DS resolving 'org.dlv.isc.org/DLV/IN': 199.254.63.254#53:  
2 Time(s)
    no valid DS resolving 'org.dlv.isc.org/DLV/IN': 199.6.0.29#53: 1  
Time(s)
...snip...
    no valid RRSIG resolving '16.11.168.in-addr.arpa/DS/IN':  
127.0.0.1#53: 1 Time(s)
    no valid RRSIG resolving '16.11.168.in-addr.arpa/DS/IN':  
131.144.4.10#53: 1 Time(s)
    no valid RRSIG resolving '16.11.168.in-addr.arpa/DS/IN':  
131.144.4.9#53: 1 Time(s)
...snip...
    not insecure resolving '55.65.in-addr.arpa/NS/IN': 127.0.0.1#53:  
19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN':  
207.46.66.126#53: 19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN':  
213.199.161.77#53: 19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN':  
24.196.64.53#53: 19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN': 64.4.59.173#53:  
19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN':  
65.55.226.140#53: 19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN': 65.55.37.62#53:  
19 Time(s)
    not insecure resolving '55.65.in-addr.arpa/NS/IN':  
68.115.71.53#53: 19 Time(s)
    not insecure resolving 'isc.org/NS/IN': 199.254.63.254#53: 1 Time(s)
    not insecure resolving 'isc.org/NS/IN': 199.6.1.30#53: 1 Time(s)
    not insecure resolving 'isc.org/NS/IN': 68.115.71.53#53: 1 Time(s)
    not insecure resolving 'se/DNSKEY/IN': 130.239.5.114#53: 1 Time(s)
    not insecure resolving 'se/DNSKEY/IN': 192.36.133.107#53: 1 Time(s)
    not insecure resolving 'se/DNSKEY/IN': 192.71.53.53#53: 1 Time(s)
    validating @0xab01de0: 205.in-addr.arpa.dlv.isc.org DLV: must be  
secure failure: 1 Time(s)
    validating @0xb49fe660: 216.in-addr.arpa.dlv.isc.org DLV: must be  
secure failure: 1 Time(s)

What do these log entries mean? Anything to worry about?

Thanks for taking the time to help out.
---
Eric




More information about the bind-users mailing list