Chris wrote:
> Is there a way to turn off queries to SORBS so I don't keep seeing this
> in my logs:
>
> error (connection refused) resolving
> '23.164.11.209.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
>
> I have Bind9 setup as a caching name server and am using 127.0.0.1 as my
> DNS.
Are you seeing problems with the actual lookups failing, or just upset
about the log noise?
I get a fair volume of similar failures in my own log on my personal
server (4 live accounts, ~500 messages daily, most spam; log since
weekly rotation on Sunday):
[root@hex ]# grep 'connection refused' /var/log/messages|grep sorbs|awk
'{ print $10; }'|sort|uniq -c
2 113.52.8.150#53
79 174.36.198.233#53
74 174.36.235.174#53
40 67.228.187.34#53
yet the actual lookups don't fail, they fall over to another upstream
server.
If it's really that big a problem, you can suppress all such log
messages in the BIND config. Depending on which syslog daemon you're
using, you may be able to suppress only the SORBS failures from reaching
the log file. I'm not sure, but you may even be able to tell BIND to
either not log failures only for SORBS, or never attempt lookups off of
the failing servers in the first place.
-kgd
