Solved

"Denied Recursion" messages in firewall log

Posted on 2003-11-07
3
285 Views
Last Modified: 2013-11-16
We recently put all our servers behind a firewall (an Instagate EX2 to be exact).  We have a few web servers, a mail server, and a DNS server running Simple DNS Plus.  I've set up all the policies and everything seems to be working fine except one thing.

Our firewall logs are HUGE and 99% of it is the same message over and over again:
"denied recursion for query from [69.18.166.34].1031 for svr5.erh.noaa.gov IN"
that IP address "69.18.166.34" is the external IP of our DNS server.

Does anybody know what this message means?  What causes it?  If there's anything we can do to stop it?  We go through periods where this message comes up about 50 times per second!

If it helps: Noaa.gov is a weather server that our webservers (using cold fusion) grab weather from to display on webpages.  Those weather pages are working fine despite this repeated message.
0
Comment
Question by:noreastnerd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Accepted Solution

by:
daJman earned 180 total points
ID: 9703776
I suspect your DNS server config. Try this:

In the Options menu in DNS Server Plus remove the IP range listed under "Offer Recursion to"

If it requires IP's, put in the internal IP address range of your local LAN private subnet.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976315
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: daJman

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question