refused query on non-query socket ?

Jim Reid jim at rfc1035.com
Sun Sep 3 19:31:33 UTC 2000


>>>>> "Jerri" == Jerri Blavitt³ <no at never.no> writes:

    Jerri> The rpc.statd daemon shipped in Red Hat Linux 6.0, 6.1, and
    Jerri> 6.2 contains a flaw that could lead to a remote root
    Jerri> break-in.  Version 0.1.9.1 of the nfs-utils package
    Jerri> corrects the problem.  Red Hat urges all users running
    Jerri> rpc.statd to upgrade to the new nfs-utils package.

    Jerri> Since then, perhaps coincidence, our message logs are
    Jerri> rapidly filling with these refused query messages:

Ask RedHat about them. Most have nothing to do with the DNS.

    Jerri> Sep  3 12:02:13 ww3 talkd[12703]: 151.196.201.190: bad dns

This is principally a problem with talkd. You need to find out why it
says "bad dns". This may or may not be because of a DNS problem.

    Jerri> Sep 3 12:02:14 ww3 named[1745]: refused query on non-query socket from [151.196.201.125].8822 
    Jerri> Sep 3 12:02:14 ww3 named[1745]: refused query on non-query socket from [151.196.201.116].8822

Something is sending packets that look like DNS queries from port 8822
on 151.196.201.116 and 151.196.201.125 to whatever socket happens to
be the (by default) random, non-privileged port your name server is
using as the source port number of any queries it makes. Nothing
should be sending queries to that socket. Hence the warning messages
from the name server. This might be harmless or it could be something
like a port scanner (or worse). It's odd that the same source port is
used from two different IP addresses.
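As an added example (not part of the post or of BIND), here is a small Python parser and summariser for the "refused query on non-query socket" messages Jim discusses. It pulls the source IP and port out of each named line, counts hits per source, and flags the oddity he points out: a single source port appearing from more than one IP address. The log lines embedded in the block are constructed, modelled on the two quoted above, with a couple of extra invented entries so the grouping has something to work on.

```python
import re
from collections import defaultdict

# Constructed sample syslog excerpt, modelled on the lines quoted in the post.
# The third and fourth named lines are invented to exercise the counting logic.
SAMPLE_LOG = """\
Sep  3 12:02:13 ww3 talkd[12703]: 151.196.201.190: bad dns
Sep  3 12:02:14 ww3 named[1745]: refused query on non-query socket from [151.196.201.125].8822
Sep  3 12:02:14 ww3 named[1745]: refused query on non-query socket from [151.196.201.116].8822
Sep  3 12:02:15 ww3 named[1745]: refused query on non-query socket from [151.196.201.116].8822
Sep  3 12:02:20 ww3 named[1745]: refused query on non-query socket from [10.0.0.7].40123
"""

# Matches only the named "refused query on non-query socket" message;
# the talkd line and anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) named\[\d+\]: "
    r"refused query on non-query socket from \[(?P<ip>[\d.]+)\]\.(?P<port>\d+)\s*$"
)


def parse_refused(lines):
    """Return a list of (timestamp, source_ip, source_port) for matching lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((m.group("ts"), m.group("ip"), int(m.group("port"))))
    return events


def summarize(events):
    """Count hits per (ip, port) and collect the set of IPs seen per source port."""
    hits = defaultdict(int)
    ips_by_port = defaultdict(set)
    for _, ip, port in events:
        hits[(ip, port)] += 1
        ips_by_port[port].add(ip)
    return dict(hits), {port: sorted(ips) for port, ips in ips_by_port.items()}


def shared_source_ports(ips_by_port):
    """Source ports used from more than one IP: the pattern the post calls odd."""
    return {port: ips for port, ips in ips_by_port.items() if len(ips) > 1}


if __name__ == "__main__":
    events = parse_refused(SAMPLE_LOG.splitlines())
    hits, ips_by_port = summarize(events)
    for (ip, port), n in sorted(hits.items()):
        print(f"{ip}:{port}  {n} refused")
    for port, ips in shared_source_ports(ips_by_port).items():
        print(f"source port {port} seen from {len(ips)} addresses: {', '.join(ips)}")
```

Feed it `/var/log/messages` (or whatever syslog file named writes to) instead of the embedded sample; a source port shared across several addresses, or a steady stream from one address, is what you would want to look at further, while a handful of scattered hits is usually noise.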
