Multiple SERVFAIL/REFUSED unexpected RCODE

Mik J mikydevel at yahoo.fr
Tue May 3 13:25:59 UTC 2016


Hello Mark,
Thank you for your answer. I'm not sure I've understood everything but I'll read it numerous times if necessary.I have ACLs so I'm not surprised to see these REFUSED, I also understand the SERVFAIL meaning.
I'm just trying to figure out where the problem comes from.You seem to point out a device which should be on my network and who queries a PTR (something like a mail server which want to check the domain of the user who sent the email)

What I didn't understand is"You could use whois to try to contact the administrators of these zones to correct the servers or remove the delegations."You mean this one "x.204.99.116.in-addr.arpa" which appeared in my logs ?
Regards 

    Le Mardi 3 mai 2016 13h30, Mark Andrews <marka at isc.org> a écrit :
 
 

 
In message <353379836.10168122.1462272936427.JavaMail.yahoo at mail.yahoo.com>, Mi
k J writes:
>
> Hello,
> In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE
> messages. Most of the time someone tries to resolve a PTR
> I can see an average of 10 messages per second like these
> May  3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving
> 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53
> May  3 10:46:26 dns named[7228]: SERVFAIL unexpected RCODE resolving
> 'x.16.165.88.in-addr.arpa/PTR/IN': 193.0.9.x#53
>
> The PTR records don't belong to me and the remote DNS servers are located
> around the world.
> Does anyone has an understanding of why I receive these type of requests
> ? Why do they query my DNS servers ?
> Thank you

Something on your network is trying to convert 116.00.204.x and
88.165.16.x addresses to names, presumably because they are seeing
traffic from those addresses.  In both cases there appears to be
broken delegations involved.

REFUSED usually means that the server is not configured for the
zone.

SERVFAIL usually means that the server is configured for the zone
but doesn't have a current copy.

You could use whois to try to contact the administrators of these
zones to correct the servers or remove the delegations.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                INTERNET: marka at isc.org


 
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160503/eef06324/attachment.html>


More information about the bind-users mailing list