<div dir="ltr">On Mon, May 4, 2015 at 9:38 AM, Chris <span dir="ltr"><<a href="mailto:cpollock@embarqmail.com" target="_blank">cpollock@embarqmail.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I've just finished setting up Bind as a local caching name server to<br>
work in conjunction with my Spamassassin setup. I did this because<br>
queries to <a href="http://uribl.com" target="_blank">uribl.com</a> were getting blocked probably due to my ISP's<br>
reputation for spam. It seems to be working great, no more of the<br>
blocked queries to <a href="http://uribl.com" target="_blank">uribl.com</a> however I am seeing a lot of this:<br>
<br>
error (unexpected RCODE REFUSED) resolving<br>
'<a href="http://b4d44f4bcc9ddf0e61605920116ce915.ctyme.ixhash.net/A/IN" target="_blank">b4d44f4bcc9ddf0e61605920116ce915.ctyme.ixhash.net/A/IN</a>':<br>
62.75.209.50#53<br>
error (unexpected RCODE REFUSED) resolving '<a href="http://getcreations.com/AAAA/IN" target="_blank">getcreations.com/AAAA/IN</a>':<br>
192.185.149.195#53<br>
error (connection refused) resolving<br>
'<a href="http://185.130.201.205.dnsbl.sorbs.net/A/IN" target="_blank">185.130.201.205.dnsbl.sorbs.net/A/IN</a>': 67.228.187.34#53<br>
error (connection refused) resolving<br>
'<a href="http://185.130.201.205.dnsbl.sorbs.net/A/IN" target="_blank">185.130.201.205.dnsbl.sorbs.net/A/IN</a>': 174.36.235.174#53<br>
<br>
<br>
this is a query to a domain I own<br>
<br>
error (unexpected RCODE REFUSED) resolving '<a href="http://toadnet.com/AAAA/IN" target="_blank">toadnet.com/AAAA/IN</a>':<br>
207.218.247.135#53<br>
<br>
Do I have something in my setup incorrect?<br></blockquote><div><br></div><div>Hi Chris,<br><br></div><div>The problem is not with your resolver, but with the zones/servers it is contacting. Take <a href="http://toadnet.com">toadnet.com</a>, for example. The delegation records in the .com zone are these:<br><br>$ dig +noall +authority @<a href="http://a.gtld-servers.net">a.gtld-servers.net</a> <a href="http://toadnet.com">toadnet.com</a> ns<br><a href="http://toadnet.com">toadnet.com</a>. 172800 IN NS <a href="http://ns2.ev1servers.net">ns2.ev1servers.net</a>.<br><a href="http://toadnet.com">toadnet.com</a>. 172800 IN NS <a href="http://ns1.ev1servers.net">ns1.ev1servers.net</a>.<br><a href="http://toadnet.com">toadnet.com</a>. 172800 IN NS <a href="http://ns1.ecdiscounts.com">ns1.ecdiscounts.com</a>.<br><br></div><div>and the authoritative records in the <a href="http://toadnet.com">toadnet.com</a> zone are these:<br><br>$ dig +noall +answer @<a href="http://ns1.ecdiscounts.com">ns1.ecdiscounts.com</a> <a href="http://toadnet.com">toadnet.com</a> ns<br><a href="http://toadnet.com">toadnet.com</a>. 86400 IN NS <a href="http://ns2.usdcservers.net">ns2.usdcservers.net</a>.<br><a href="http://toadnet.com">toadnet.com</a>. 
86400 IN NS <a href="http://ns1.usdcservers.net">ns1.usdcservers.net</a>.<br><br></div><div>But the <a href="http://ev1servers.net">ev1servers.net</a> servers are not properly set up to respond for the <a href="http://toadnet.com">toadnet.com</a> zone:<br><br>$ dig +noall +comments @<a href="http://ns1.ev1servers.net">ns1.ev1servers.net</a> <a href="http://toadnet.com">toadnet.com</a> ns<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43670<br>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br>;; WARNING: recursion requested but not available<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 4096<br><br></div><div>In your case, looks like you probably need to clean up the delegation records in the parent zone through your registrar to match the ones in your child zone. Others would need to do similarly, depending on their situation.<br><br></div><div>Cheers,<br></div><div>Casey<br></div><div><br><br></div></div></div></div>
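
The delegation check walked through in the reply above, as an added example that is not part of the original message: it compares the NS set the parent delegates to with the NS set the zone itself publishes, and reads the RCODE each delegated server returns. The helper names are hypothetical, and the sample data is the dig output quoted in the message.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; sample data is the dig output
# quoted in the message above.

# NS targets (lower-cased, sorted, unique) from dig answer/authority lines on stdin.
ns_targets() {
    awk '$3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u
}

# Names listed in $1 that are absent from $2 (both newline-separated lists).
only_in_first() {
    [ -n "$1" ] || return 0
    printf '%s\n' "$1" | grep -vxF -e "$2" || true
}

# RCODE from the header line of dig "+comments" output on stdin.
rcode() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Live check (needs network): check_delegation ZONE PARENT_SERVER CHILD_SERVER
check_delegation() {
    zone=$1
    parent=$(dig +noall +authority "@$2" "$zone" ns | ns_targets)
    child=$(dig +noall +answer "@$3" "$zone" ns | ns_targets)
    echo "delegated by parent, not published by zone:"
    only_in_first "$parent" "$child"
    echo "published by zone, not delegated by parent:"
    only_in_first "$child" "$parent"
    for ns in $parent; do   # anything other than NOERROR here needs attention
        printf '%s -> %s\n' "$ns" "$(dig +noall +comments "@$ns" "$zone" ns | rcode)"
    done
}

PARENT_OUT='toadnet.com. 172800 IN NS ns2.ev1servers.net.
toadnet.com. 172800 IN NS ns1.ev1servers.net.
toadnet.com. 172800 IN NS ns1.ecdiscounts.com.'
CHILD_OUT='toadnet.com. 86400 IN NS ns2.usdcservers.net.
toadnet.com. 86400 IN NS ns1.usdcservers.net.'
REFUSED_OUT=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43670'

# Offline run on the sample data.
P=$(printf '%s\n' "$PARENT_OUT" | ns_targets)
C=$(printf '%s\n' "$CHILD_OUT" | ns_targets)
echo "delegated by parent, not published by zone:"; only_in_first "$P" "$C"
echo "published by zone, not delegated by parent:"; only_in_first "$C" "$P"
echo "sample server status: $(printf '%s\n' "$REFUSED_OUT" | rcode)"
```

On the sample data the two NS sets share no names at all, which is the mismatch the reply says to clean up through the registrar.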