We recently put all our servers behind a firewall (an Instagate EX2 to be exact). We have a few web servers, a mail server, and a DNS server running Simple DNS Plus. I've set up all the policies and everything seems to be working fine except one thing.
Our firewall logs are HUGE and 99% of it is the same message over and over again:
"denied recursion for query from [22.214.171.124].1031 for svr5.erh.noaa.gov IN"
that IP address "126.96.36.199" is the external IP of our DNS server.
Does anybody know what this message means? What causes it? If there's anything we can do to stop it? We go through periods where this message comes up about 50 times per second!
If it helps: Noaa.gov is a weather server that our webservers (using cold fusion) grab weather from to display on webpages. Those weather pages are working fine despite this repeated message.