Multiple SERVFAIL/REFUSED unexpected RCODE
Mark Andrews
marka at isc.org
Tue May 3 11:30:00 UTC 2016
In message <353379836.10168122.1462272936427.JavaMail.yahoo at mail.yahoo.com>, Mi
k J writes:
>
> Hello,
> In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE
> messages. Most of the time someone tries to resolve a PTR
> I can see an average of 10 messages per second like these
> May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving
> 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53
> May 3 10:46:26 dns named[7228]: SERVFAIL unexpected RCODE resolving
> 'x.16.165.88.in-addr.arpa/PTR/IN': 193.0.9.x#53
>
> The PTR records don't belong to me and the remote DNS servers are located
> around the world.
> Does anyone has an understanding of why I receive these type of requests
> ? Why do they query my DNS servers ?
> Thank you
Something on your network is trying to convert 116.00.204.x and
88.165.16.x addresses to names, presumably because they are seeing
traffic from those addresses. In both cases there appears to be
broken delegations involved.
REFUSED usually means that the server is not configured for the
zone.
SERVFAIL usually means that the server is configured for the zone
but doesn't have a current copy.
You could use whois to try to contact the administrators of these
zones to correct the servers or remove the delegations.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list