error (unexpected RCODE REFUSED) resolving
Frank Bulk
frnkblk at iname.com
Sat Oct 13 22:36:48 UTC 2012
There's more: both ns1.netbcp.com and ns2.netbcp.net don't respond to
queries about nbc.com and ns1.netbcp.com doesn't respond over TCP.
Frank
From: bind-users-bounces+frnkblk=iname.com at lists.isc.org
[mailto:bind-users-bounces+frnkblk=iname.com at lists.isc.org] On Behalf Of
Kevin Darcy
Sent: Friday, October 12, 2012 12:48 PM
Cc: bind-users at lists.isc.org
Subject: Re: error (unexpected RCODE REFUSED) resolving
OK, so your nbc.com/A resolving error doesn't really have anything to do
with the nameservers you included in your original post.
It does appear, however, that ns2.netbcp.net (205.173.93.213) is refusing
requests generally for the nbc.com domain:
$ dig nbc.com +buf=4096 +norec @ns2.netbcp.net
; <<>> DiG 9.4.3-P3 <<>> nbc.com +buf=4096 +norec @ns2.netbcp.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1019
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nbc.com. IN A
;; Query time: 30 msec
;; SERVER: 205.173.93.213#53(205.173.93.213)
;; WHEN: Fri Oct 12 13:44:56 2012
;; MSG SIZE rcvd: 36
ns1.netbcp.com appears to be doing the same thing.
Not known whether this is something temporary (performing maintenance?), or
something permanent (provider's contract lapsed, but customer never updated
delegations).
In any case, you have enough working authoritative nameservers for the
domain, so it'll continue to resolve for you...
- Kevin
On 10/12/2012 1:35 PM, James Tingler wrote:
I don't think that I am. I only define internal forwarders for internal
zones as needed. For my root hint, standard configuration:
Named.conf
zone "." {
type hint;
file "named.ca";
Named.ca:
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35
;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE rcvd: 615
"named.ca" 52L, 1892C
>>> "Kevin Darcy" <mailto:kcd at chrysler.com> <kcd at chrysler.com> 10/12/2012
1:20 PM >>>
On 10/12/2012 12:28 PM, James Tingler wrote:
Hello,
I'm getting what appears to be a common "error (unexpected RCODE REFUSED)
resolving" error. My research has lead me to disable IPv6 when starting the
named service with "named -4" as it could be related to IPv6 broken
connectivity (of which we been actively deploying and testing). This has
taken away the AAAA log activity but I still get the error:
Oct 12 16:06:55 prod75-dns1 named[23866]: error (unexpected RCODE REFUSED)
resolving 'nbc.com/A/IN': 205.173.93.213#53
Exploring this more, almost all domains I'm having problems with (as
discovered through dig) is related to this forwarder:
nationalmap.gov. 5M IN NS rdsdns5.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns1.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns2.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns6.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns3.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns4.ultradns.net.
linkedin.com, nbc.com, nationalmap.gov
nbc.com is not hosted on those nameservers:
nbc.com. 86400 IN NS pdns1.ultradns.net.
nbc.com. 86400 IN NS pdns2.ultradns.net.
nbc.com. 86400 IN NS pdns3.ultradns.org.
nbc.com. 86400 IN NS pdns4.ultradns.org.
nbc.com. 86400 IN NS pdns5.ultradns.info.
nbc.com. 86400 IN NS pdns6.ultradns.co.uk.
nbc.com. 86400 IN NS ns1.netbcp.com.
nbc.com. 86400 IN NS ns2.netbcp.net.
Neither is linkedin.com.
I hope you're not trying to use authoritative nameservers as "forwarders" in
the strict BIND sense. If you have full Internet connectivity, there's
really no reason to be forwarding at all. Configure your root hints and be
happy.
Note - I'm also seeing plenty of lame server and EDNS errors.
Those are fairly normal.
-
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121013/7092b712/attachment.html>
More information about the bind-users
mailing list