Thank you guys for your answers. Le Mardi 3 mai 2016 16h09, Barry Margolin <bar...@alum.mit.edu> a écrit :
In article <mailman.701.1462281968.73610.bind-us...@lists.isc.org>, Mik J <mikyde...@yahoo.fr> wrote: > Hello Mark, > Thank you for your answer. I'm not sure I've understood everything but I'll > read it numerous times if necessary.I have ACLs so I'm not surprised to see > these REFUSED, I also understand the SERVFAIL meaning. Your ACL is not relevant. The REFUSED response is coming from the server the reverse zone is delegated to. > I'm just trying to figure out where the problem comes from.You seem to point > out a device which should be on my network and who queries a PTR (something > like a mail server which want to check the domain of the user who sent the > email) The problem comes from bad reverse DNS delegations of remote addresses. Unfortunately, this has always been very common. > > What I didn't understand is"You could use whois to try to contact the > administrators of these zones to correct the servers or remove the > delegations."You mean this one "x.204.99.116.in-addr.arpa" which appeared in > my logs ? > Regards whois -h whois.apnic.net 116.99.204.0 role: VIETEL IPADMIN GROUP address: 1 Tran Huu Duc, My Dinh, Tu Liem, Hanoi country: VN phone: +84-9-83000456 fax-no: +84-4-38460486 e-mail: tie...@viettel.com.vn remarks: send spam and abuse report to tie...@viettel.com.vn whois 88.165.16.0 role: Administrative Contact for ProXad address: Free SAS / ProXad address: 8, rue de la Ville L'Eveque address: 75008 Paris phone: +33 1 73 50 20 00 fax-no: +33 1 73 92 25 69 remarks: trouble: Information: http://www.proxad.net/ remarks: trouble: Spam/Abuse requests: mailto:ab...@proxad.net admin-c: APfP1-RIPE tech-c: TPfP1-RIPE nic-hdl: ACP23-RIPE mnt-by: PROXAD-MNT abuse-mailbox: ab...@proxad.net created: 2002-06-26T12:46:56Z last-modified: 2013-08-01T12:16:00Z source: RIPE # Filtered > > Le Mardi 3 mai 2016 13h30, Mark Andrews <ma...@isc.org> a écrit : > > > > > In message <353379836.10168122.1462272936427.javamail.ya...@mail.yahoo.com>, > Mi > k J writes: > > > > Hello, > > In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE > > messages. Most of the time someone tries to resolve a PTR > > I can see an average of 10 messages per second like these > > May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving > > 'x.204.99.116.in-addr.arpa/PTR/IN': 203.113.131.x#53 > > May 3 10:46:26 dns named[7228]: SERVFAIL unexpected RCODE resolving > > 'x.16.165.88.in-addr.arpa/PTR/IN': 193.0.9.x#53 > > > > The PTR records don't belong to me and the remote DNS servers are located > > around the world. > > Does anyone has an understanding of why I receive these type of requests > > ? Why do they query my DNS servers ? > > Thank you > > Something on your network is trying to convert 116.00.204.x and > 88.165.16.x addresses to names, presumably because they are seeing > traffic from those addresses. In both cases there appears to be > broken delegations involved. > > REFUSED usually means that the server is not configured for the > zone. > > SERVFAIL usually means that the server is configured for the zone > but doesn't have a current copy. > > You could use whois to try to contact the administrators of these > zones to correct the servers or remove the delegations. > > Mark -- Barry Margolin Arlington, MA _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users