Multiple SERVFAIL/REFUSED unexpected RCODE
Mik J
mikydevel at yahoo.fr
Thu May 5 08:38:15 UTC 2016
Thank you guys for your answers.
On Tuesday, 3 May 2016 at 16:09, Barry Margolin <barmar at alum.mit.edu> wrote:
In article <mailman.701.1462281968.73610.bind-users at lists.isc.org>,
Mik J <mikydevel at yahoo.fr> wrote:
> Hello Mark,
> Thank you for your answer. I'm not sure I've understood everything but I'll
> read it numerous times if necessary. I have ACLs so I'm not surprised to see
> these REFUSED, I also understand the SERVFAIL meaning.
Your ACL is not relevant. The REFUSED response is coming from the server
the reverse zone is delegated to.
> I'm just trying to figure out where the problem comes from. You seem to point
> out a device which should be on my network and who queries a PTR (something
> like a mail server which want to check the domain of the user who sent the
> email)
The problem comes from bad reverse DNS delegations of remote addresses.
Unfortunately, this has always been very common.
>
> What I didn't understand is "You could use whois to try to contact the
> administrators of these zones to correct the servers or remove the
> delegations." You mean this one "x.204.99.116.in-addr.arpa" which appeared in
> my logs ?
> Regards
whois -h whois.apnic.net 116.99.204.0
role: VIETEL IPADMIN GROUP
address: 1 Tran Huu Duc, My Dinh, Tu Liem, Hanoi
country: VN
phone: +84-9-83000456
fax-no: +84-4-38460486
e-mail: tiennd at viettel.com.vn
remarks: send spam and abuse report to tiennd at viettel.com.vn
whois 88.165.16.0
role: Administrative Contact for ProXad
address: Free SAS / ProXad
address: 8, rue de la Ville L'Eveque
address: 75008 Paris
phone: +33 1 73 50 20 00
fax-no: +33 1 73 92 25 69
remarks: trouble: Information: http://www.proxad.net/
remarks: trouble: Spam/Abuse requests: mailto:abuse at proxad.net
admin-c: APfP1-RIPE
tech-c: TPfP1-RIPE
nic-hdl: ACP23-RIPE
mnt-by: PROXAD-MNT
abuse-mailbox: abuse at proxad.net
created: 2002-06-26T12:46:56Z
last-modified: 2013-08-01T12:16:00Z
source: RIPE # Filtered
>
> On Tuesday, 3 May 2016 at 13:30, Mark Andrews <marka at isc.org> wrote:
>
> In message <353379836.10168122.1462272936427.JavaMail.yahoo at mail.yahoo.com>,
> Mik J writes:
> >
> > Hello,
> > In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE
> > messages. Most of the time someone tries to resolve a PTR.
> > I can see an average of 10 messages per second like these
> > May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving
> > 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53
> > May 3 10:46:26 dns named[7228]: SERVFAIL unexpected RCODE resolving
> > 'x.16.165.88.in-addr.arpa/PTR/IN': 193.0.9.x#53
> >
> > The PTR records don't belong to me and the remote DNS servers are located
> > around the world.
> > Does anyone have an understanding of why I receive these types of requests
> > ? Why do they query my DNS servers ?
> > Thank you
>
> Something on your network is trying to convert 116.00.204.x and
> 88.165.16.x addresses to names, presumably because they are seeing
> traffic from those addresses. In both cases there appears to be
> broken delegations involved.
>
> REFUSED usually means that the server is not configured for the
> zone.
>
> SERVFAIL usually means that the server is configured for the zone
> but doesn't have a current copy.
>
> You could use whois to try to contact the administrators of these
> zones to correct the servers or remove the delegations.
>
> Mark
--
Barry Margolin
Arlington, MA
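
Added example, not part of the original thread or of BIND: a small Python triage script that groups the "unexpected RCODE" lines quoted above by reverse network, RCODE and answering server, so each broken delegation shows up once with the address to pass to whois. The function names are hypothetical; the first two sample lines are the ones from the thread (masked octets kept as "x"), the other two are constructed.

```python
import re
from collections import Counter

# Lines 1-2 are quoted from the thread; lines 3-4 are constructed for this example.
SAMPLE_LOG = [
    "May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53",
    "May 3 10:46:26 dns named[7228]: SERVFAIL unexpected RCODE resolving 'x.16.165.88.in-addr.arpa/PTR/IN': 193.0.9.x#53",
    "May 3 10:46:27 dns named[7228]: REFUSED unexpected RCODE resolving 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53",
    "May 3 10:46:27 dns named[7228]: zone example.test/IN: loaded serial 1",
]

LINE_RE = re.compile(
    r"named\[\d+\]: (?P<rcode>[A-Z]+) unexpected RCODE resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)': "
    r"(?P<server>[^#\s]+)#(?P<port>\d+)"
)

def reverse_to_network(qname):
    """Map an in-addr.arpa name to its enclosing network (at most a /24)."""
    name = qname.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    octets = labels[::-1][:3]  # most significant first; host label dropped
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    prefix = 8 * len(octets)
    return ".".join(octets + ["0"] * (4 - len(octets))) + f"/{prefix}"

def summarize(lines):
    """Count failures per (network, rcode, answering server)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an "unexpected RCODE" line
        net = reverse_to_network(m["qname"]) or m["qname"]
        counts[(net, m["rcode"], m["server"])] += 1
    return counts

if __name__ == "__main__":
    for (net, rcode, server), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {rcode:8s} {net:20s} from {server}")
        if "/" in net:
            print(f"      contact lookup: whois {net.split('/')[0]}")
```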