How to Stop the "unexpected RCODE (SERVFAIL)" Messages?

Mark Andrews Mark_Andrews at isc.org
Sat Feb 4 22:35:48 UTC 2006 

> Dear all,
>     Hi.  I'm new here.  I'm running BIND 9.3.2, with sendmail on a same
> box.  The "unexpected RCODE (SERVFAIL)" message is blowing up my syslog. 
> Just tonight I heard my harddisk scratching hardly again.  I checked the
> syslog.  There are 1277 "unexpected RCODE (SERVFAIL)" in one hour:
> 
> imacat at rinse ~ % grep 'unexpected RCODE (SERVFAIL)' /var/log/messages |
> grep '^Feb  4 21:'
> Feb  4 21:00:32 rinse named[2037]: unexpected RCODE (SERVFAIL) resolving
> '194.183.255.216.in-addr.arpa/PTR/IN': 127.0.0.1#50053
> Feb  4 21:00:34 leaf named[2008]: unexpected RCODE (SERVFAIL) resolving
> '194.183.255.216.in-addr.arpa/PTR/IN': 168.95.1.1#53
> ...
> imacat at rinse ~ % grep 'unexpected RCODE (SERVFAIL)' /var/log/messages |
> grep '^Feb  4 21:' | wc -l
> 1277
> imacat at rinse ~ % grep 'unexpected RCODE (SERVFAIL)' /var/log/messages |
> grep '^Feb  4 21:00' | wc -l
> 24
> imacat at rinse ~ %
> 
>     I searched the archive.  On Sep 2, 2004 Kevin Darcy said that these
> are problems of others' name servers.  There is nothing I can do here. 

	But there is.  You can report it.  The nameservers for
	183.255.216.in-addr.arpa are lame.  In this case you are
	using forwarders so you are finding out second hand (hence
	the SERVFAIL).

	Lookup the whois contact details and inform them.

	If that fails report it to the parent (ARIN in this case) so the
	delegation can be withdrawn.

	Mark

OrgName:    InterCage, Inc.
OrgID:      INTER-359
Address:    1955 Monument Blvd.
Address:    #236
City:       Concord
StateProv:  CA
PostalCode: 94520
Country:    US

ReferralServer: rwhois://rwhois.intercage.com:4321/

NetRange:   216.255.176.0 - 216.255.191.255
CIDR:       216.255.176.0/20
NetName:    INTERCAGE-NETWORK-GROUP2
NetHandle:  NET-216-255-176-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS10.INTERCAGE.COM
NameServer: NS11.INTERCAGE.COM
Comment:
RegDate:    2005-09-20
Updated:    2005-09-20

OrgAbuseHandle: ABUSE735-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-925-550-3947
OrgAbuseEmail:  abuse at intercage.com

OrgNOCHandle: NETWO670-ARIN
OrgNOCName:   Network Operations
OrgNOCPhone:  +1-925-550-3947
OrgNOCEmail:  noc at intercage.com

OrgTechHandle: INE4-ARIN
OrgTechName:   IP Network Engineering
OrgTechPhone:  +1-925-550-3947
OrgTechEmail:  ipeng at intercage.com

# ARIN WHOIS database, last updated 2006-02-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

> But, hey, this is my harddisk!  My syslog file is growing up enormously,
> and I feel the life-span of my root harddisk shortened on every scratch. 
> This is sort of DoS.  My heart aches on every such scratch~ >_<
> 
>     Is there any way I can suppress these messages?  These messages are
> irrevelent to my system at all.  I would rather like to keep more
> relevant information in my syslog, for ex, other type of failurs than
> SERVFAIL, or even supress the whole 'unexpected RCODE'.  Or is there
> something like the "limit" target in Linux iptables/netfilter that can
> prevent my harddisk from blowing up?  Can anyone teach me how I can do
> on this?  Thank you.
> 
> --
> Best regards,
> imacat ^_*' <imacat at mail.imacat.idv.tw>
> PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
> 
> <<Woman's Voice>> News: http://www.wov.idv.tw/
> Tavern IMACAT's: http://www.imacat.idv.tw/
> TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list