unexpected RCODE

Mark Watts m.watts at eris.qinetiq.com
Fri Mar 24 10:56:28 UTC 2006


> > > In article <dvrvjf$155e$1 at sf1.isc.org>,
> > >
> > >  Mark Watts <m.watts at eris.qinetiq.com> wrote:
> > > > I keep getting the following type of messages in syslog on a bind
> > > > 9.3.1 box (it's an internal dns domain - not visible from outside the
> > > > network):
> > > >
> > > > Mar 22 16:34:24 ins0 named[2086]: unexpected RCODE (REFUSED)
> > > > resolving 'blog.mq.eris.qinetiq.com/AAAA/IN': 128.98.76.115#53
> > > >
> > > > I get lots of these, all for machines on the mq.eriq.qinetiq.com
> > > > domain, which should be being delegated to the IP address given.
> > >
> > > Check the allow-query option on that machine -- apparently it isn't
> > > allowing queries from your server.
> >
> > I'm a little confused now:
> >
> > [root at ins0 ~]# dig blog.mq.eris.qinetiq.com @128.98.76.115
> >
> > ; <<>> DiG 9.3.1 <<>> blog.mq.eris.qinetiq.com @128.98.76.115
> > ; (1 server found)
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61889
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;blog.mq.eris.qinetiq.com.      IN      A
> >
> > ;; ANSWER SECTION:
> > blog.mq.eris.qinetiq.com. 0     IN      A       128.98.76.115
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 128.98.76.115#53(128.98.76.115)
> > ;; WHEN: Thu Mar 23 17:46:26 2006
> > ;; MSG SIZE  rcvd: 58
> >
> >
> > Looking at the initial error, am I right in thinking it's an IPv6 query
> > that is being rejected?
> > If so, what might be generating these queries since we don't run any IPv6
> > networks?
>
> 	Do you have IPv6 configured on any box in your network?  Lots
> 	of machines will have ::1 configured in lo0 but no IPv6 on the
> 	external interfaces.

Yes actually, now you mention it. Most of our modern Linux systems seem to
have ::1 on lo and what I can only guess is some representation of their MAC 
address on eth0. For example:

eth0      Link encap:Ethernet  HWaddr 00:06:5B:05:9E:6A
          inet addr:128.98.1.3  Bcast:128.98.1.255  Mask:255.255.255.0
          inet6 addr: fe80::206:5bff:fe05:9e6a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:73910412 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78088831 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:664223180 (633.4 MiB)  TX bytes:1087081131 (1.0 GiB)
          Interrupt:16

> 	The nameserver in question is broken.  The normal response is
> 	a NOERROR response with no answers in the answer section.
> 	See RFC 2308 for full details.

Well at least it's not our servers being broken :o)

Thanks for your help - I now have something to bash them with.

Cheers,

Mark.

-- 
Mark Watts BSc RHCE
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Public Key ID: 455420ED
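
Added example (not part of the original message and not BIND code): a Python triage script for the situation in this thread. It groups named's "unexpected RCODE" syslog lines by upstream server and query type, separating a server that refuses only AAAA (the case diagnosed above, where the reply points to RFC 2308 and a NOERROR response with an empty answer section) from one that also refuses A queries, where the allow-query suggestion applies. The sample log lines are constructed, the classification labels are this example's own heuristic, and each log entry is assumed to sit on a single line.

```python
import re
from collections import defaultdict

# Constructed sample input in the format of the syslog line quoted in the thread.
# Only the first line's name and address come from the thread; the rest are made up.
SAMPLE_LOG = """\
Mar 22 16:34:24 ins0 named[2086]: unexpected RCODE (REFUSED) resolving 'blog.mq.eris.qinetiq.com/AAAA/IN': 128.98.76.115#53
Mar 22 16:34:31 ins0 named[2086]: unexpected RCODE (REFUSED) resolving 'www.mq.eris.qinetiq.com/AAAA/IN': 128.98.76.115#53
Mar 22 16:35:02 ins0 named[2086]: unexpected RCODE (REFUSED) resolving 'host.example.test/A/IN': 192.0.2.53#53
Mar 22 16:35:09 ins0 named[2086]: unexpected RCODE (SERVFAIL) resolving 'host.example.test/AAAA/IN': 192.0.2.53#53
Mar 22 16:35:10 ins0 named[2086]: zone example.test/IN: loaded serial 1
"""

# Groups: rcode, query name, query type, class, upstream server address, port
LINE_RE = re.compile(
    r"unexpected RCODE \((\w+)\) resolving '([^/']+)/(\w+)/(\w+)': ([0-9A-Fa-f:.]+)#(\d+)"
)


def summarize(log_text):
    """Return {server: {(rcode, qtype): count}} for every matching log line."""
    stats = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rcode, _name, qtype, _cls, server, _port = m.groups()
            stats[server][(rcode, qtype)] += 1
    return {server: dict(counts) for server, counts in stats.items()}


def classify(counts):
    """Heuristic labels (an assumption of this example, not BIND behaviour)."""
    refused_types = {qtype for (rcode, qtype) in counts if rcode == "REFUSED"}
    if refused_types == {"AAAA"}:
        # A queries are answered, AAAA is refused: the upstream server mishandles
        # a type it has no data for instead of returning NOERROR with no answers.
        return "aaaa-only-refused"
    if "A" in refused_types:
        # Ordinary lookups are refused too: check allow-query / ACLs upstream.
        return "acl-suspect"
    return "other"


if __name__ == "__main__":
    for server, counts in summarize(SAMPLE_LOG).items():
        print(server, classify(counts), counts)
```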


