Solved

BIND DNS Server Logs full of "unexpected RCODE (SERVFAIL)"

Posted on 2010-08-19
Last Modified: 2012-12-28
We don't use this server to host any zones at all.  We just use it as a caching DNS server really.  We don't have any DNS servers to forward requests to either.  So I'm wondering why I get 20,000 error messages a day per server.  I understand my server is trying to look up DNS information across the internet and is not finding the information or is rejected which is causing these errors.

I have an ACL to only allow lookup requests from people inside my network.  So this DNS server cannot be used by people on the outside.   I use webmin to manage the bind server.  

Some examples..

    unexpected RCODE (SERVFAIL) resolving '199.252.32.89.in-addr.arpa/ANY/IN': 194.54.128.226#53: 2 Time(s)
    unexpected RCODE (REFUSED) resolving '101.54.6.207.in-addr.arpa/ANY/IN': 209.53.4.150#53: 1 Time(s)
    unexpected RCODE (REFUSED) resolving '91.32.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53: 1 Time(s)
    unexpected RCODE (SERVFAIL) resolving 'ns1-cle.bluebridgenetworks.net/AAAA/IN': 76.10.196.5#53: 1 Time(s)
    unexpected RCODE (REFUSED) resolving 'ns1.fastserve.net/AAAA/IN': 216.176.200.5#53: 1 Time(s)
    unexpected RCODE (SERVFAIL) resolving 'sapphire.newgrounds.com/A/IN': 66.28.0.14#53: 1 Time(s)
    unexpected RCODE (SERVFAIL) resolving 'ns2.westnet.ie/AAAA/IN': 88.81.98.4#53: 1 Time(s)
    unexpected RCODE (REFUSED) resolving '22.218.192.99.in-addr.arpa/ANY/IN': 64.59.65.3#53: 1 Time(s)
    unexpected RCODE (REFUSED) resolving 'ns2.fastserve.net/A/IN': 216.176.200.5#53: 1 Time(s)


What can I do to fix this?  
Question by:wisptech

Accepted Solution

by:
jeremycrussell earned 500 total points
ID: 33478690
Do you happen to have a firewall in front of the DNS server? I've seen some cases where a F/W will only allow a certain size DNS request and will truncate them.
 

Author Comment

by:wisptech
ID: 33479117
Yes, I had just figured it out with the help of someone in IRC.  I had left port 53 open for future use in case I hosted some zones.  That is where all the queries were coming from.  BIND was denying them their query of course.  For now I closed iptables down to only our network and port 53.  Thanks for bringing it up :)
 

Author Closing Comment

by:wisptech
ID: 33479141
Firewall issue
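
An added example (not part of the original thread): a short Python triage script for the "unexpected RCODE" lines quoted in the question, totalling them by RCODE, query type, upstream server and forward/reverse lookup so it is clear what the resolver is being asked to look up. The regular expression and function names are this example's own, and lines without an "N Time(s)" suffix are assumed to be single events.

```python
import re
from collections import Counter

# Log lines copied from the question above.
SAMPLE = """\
unexpected RCODE (SERVFAIL) resolving '199.252.32.89.in-addr.arpa/ANY/IN': 194.54.128.226#53: 2 Time(s)
unexpected RCODE (REFUSED) resolving '101.54.6.207.in-addr.arpa/ANY/IN': 209.53.4.150#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '91.32.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53: 1 Time(s)
unexpected RCODE (SERVFAIL) resolving 'ns1-cle.bluebridgenetworks.net/AAAA/IN': 76.10.196.5#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving 'ns1.fastserve.net/AAAA/IN': 216.176.200.5#53: 1 Time(s)
unexpected RCODE (SERVFAIL) resolving 'sapphire.newgrounds.com/A/IN': 66.28.0.14#53: 1 Time(s)
unexpected RCODE (SERVFAIL) resolving 'ns2.westnet.ie/AAAA/IN': 88.81.98.4#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '22.218.192.99.in-addr.arpa/ANY/IN': 64.59.65.3#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving 'ns2.fastserve.net/A/IN': 216.176.200.5#53: 1 Time(s)
"""

# Fields: rcode, query name/type/class, upstream server that answered, optional repeat count.
LINE_RE = re.compile(
    r"unexpected RCODE \((?P<rcode>\w+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#\d+(?:: (?P<count>\d+) Time\(s\))?"
)

def parse(text):
    """Yield one record per 'unexpected RCODE' line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        # Assumption: a line without an 'N Time(s)' suffix is a single event.
        rec["count"] = int(rec["count"] or 1)
        name = rec["qname"].lower().rstrip(".")
        rec["kind"] = "reverse" if name.endswith((".in-addr.arpa", ".ip6.arpa")) else "forward"
        yield rec

def summarize(text):
    """Total the failures by RCODE, query type, upstream server and lookup kind."""
    totals = {key: Counter() for key in ("rcode", "qtype", "server", "kind")}
    for rec in parse(text):
        for key, counter in totals.items():
            counter[rec[key]] += rec["count"]
    return totals

if __name__ == "__main__":
    for key, counter in summarize(SAMPLE).items():
        print(f"{key:7s}", counter.most_common(5))
```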
 

Expert Comment

by:adminjoe
ID: 35221494
I face the same problem; most of the time my clients can't access the internet. They all use the same DNS server. The logs keep increasing the /var/log/messages file size. What is actually happening to my DNS server?
It seems like the server can't resolve certain IP and name addresses. Btw, I can still do nslookup.