On Wed, 2015-05-13 at 10:12 -0400, Kris Deugau wrote:
> Chris wrote:
> > Is there a way to turn off queries to SORBS so I don't keep seeing this
> > in my logs:
> >
> > error (connection refused) resolving
> > '23.164.11.209.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
> >
> > I have Bind9 setup as a caching name server and am using 127.0.0.1 as my
> > DNS.
>
> Are you seeing problems with the actual lookups failing, or just upset
> about the log noise?
>
> I get a fair volume of similar failures in my own log on my personal
> server (4 live accounts, ~500 messages daily, most spam; log since
> weekly rotation on Sunday):
>
> [root@hex ]# grep 'connection refused' /var/log/messages|grep sorbs|awk '{ print $10; }'|sort|uniq -c
>       2 113.52.8.150#53
>      79 174.36.198.233#53
>      74 174.36.235.174#53
>      40 67.228.187.34#53
>
> yet the actual lookups don't fail, they fall over to another upstream
> server.
>
> If it's really that big a problem, you can suppress all such log
> messages in the BIND config. Depending on which syslog daemon you're
> using, you may be able to suppress only the SORBS failures from reaching
> the log file. I'm not sure, but you may even be able to tell BIND to
> either not log failures only for SORBS, or never attempt lookups off of
> the failing servers in the first place.
>
> -kgd

Not upset about the 'noise', to my untrained eye it looks to me as if
the lookups are failing:

chris@localhost:/var/log$ grep 'connection refused' /var/log/syslog|grep sorbs|awk '{ print $10; }'|sort|uniq -c
      1 '11.1.4.96.dnsbl.sorbs.net/A/IN':
      1 '114.210.57.173.dnsbl.sorbs.net/A/IN':
      1 '139.207.161.25.dnsbl.sorbs.net/A/IN':
      1 '183.163.46.207.dnsbl.sorbs.net/A/IN':
      1 '54.139.130.12.dnsbl.sorbs.net/A/IN':
      2 'aftershock.sorbs.net/A/IN':
      2 'cannonball.sorbs.net/A/IN':
      2 'ns0.sorbs.net/A/IN':
      1 'ns2.sorbs.net/AAAA/IN':
      3 'ns2.sorbs.net/A/IN':
      1 'ns4.sorbs.net/AAAA/IN':
      3 'ns4.sorbs.net/A/IN':

The above is just from today's syslog starting at 7:40 this morning.
Here's yesterday's:

chris@localhost:/var/log$ grep 'connection refused' /var/log/syslog.1| grep sorbs|awk '{ print $10; }'|sort|uniq -c
      1 '112.89.189.91.dnsbl.sorbs.net/A/IN':
      2 '11.67.255.128.dnsbl.sorbs.net/A/IN':
      1 '119.123.171.166.dnsbl.sorbs.net/A/IN':
      2 '121.34.211.207.dnsbl.sorbs.net/A/IN':
      1 '136.207.152.107.dnsbl.sorbs.net/A/IN':
      2 '15.6.255.128.dnsbl.sorbs.net/A/IN':
      1 '173.190.42.208.dnsbl.sorbs.net/A/IN':
      1 '178.18.143.94.dnsbl.sorbs.net/A/IN':
      1 '18.167.87.216.dnsbl.sorbs.net/A/IN':
      1 '19.94.189.91.dnsbl.sorbs.net/A/IN':
      1 '202.135.201.205.dnsbl.sorbs.net/A/IN':
      3 '212.163.111.63.dnsbl.sorbs.net/A/IN':
      1 '23.164.11.209.dnsbl.sorbs.net/A/IN':
      1 '236.47.41.192.dnsbl.sorbs.net/A/IN':
      1 '243.86.197.70.dnsbl.sorbs.net/A/IN':
      1 '36.58.176.166.dnsbl.sorbs.net/A/IN':
      1 '48.200.56.41.dnsbl.sorbs.net/A/IN':
      2 '54.139.130.12.dnsbl.sorbs.net/A/IN':
      1 '57.103.45.66.dnsbl.sorbs.net/A/IN':
      1 '73.31.231.89.dnsbl.sorbs.net/A/IN':
      1 '79.242.62.166.dnsbl.sorbs.net/A/IN':
      1 '8.167.87.216.dnsbl.sorbs.net/A/IN':
      1 '96.207.152.107.dnsbl.sorbs.net/A/IN':
      2 'ns0.sorbs.net/AAAA/IN':
      2 'ns0.sorbs.net/A/IN':

I really don't want to suppress the syslog entries nor do I not want to
query SORBS, I would just like to figure out why the connection is
refused.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
09:46:29 up 2 days, 3:55, 2 users, load average: 0.04, 0.08, 0.11
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar 31 02:07:04 UTC 2015
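
Added example, not part of either poster's message: the same `$10` prints server addresses in the quoted output and query names in the reply's output, so the field position differs between the two hosts' log layouts. The sketch below matches on the message text and counts from the end of the line instead; the function names and the sample log lines (documentation-range addresses, two layouts) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in two syslog layouts; the second has one extra
# field before the message. These are not taken from the logs in the thread.
sample_log() {
cat <<'EOF'
May 13 07:41:02 localhost named[1201]: error (connection refused) resolving '1.2.0.192.dnsbl.sorbs.net/A/IN': 198.51.100.10#53
May 13 07:41:02 localhost named[1201]: error (connection refused) resolving '1.2.0.192.dnsbl.sorbs.net/A/IN': 198.51.100.11#53
May 13 07:55:40 localhost named[1201]: error (connection refused) resolving 'ns0.sorbs.net/AAAA/IN': 198.51.100.10#53
May 13 08:02:13 hex named[977]: lame-servers: error (connection refused) resolving '9.2.0.192.dnsbl.sorbs.net/A/IN': 198.51.100.10#53
May 13 08:03:00 localhost named[1201]: error (network unreachable) resolving 'example.org/A/IN': 203.0.113.5#53
EOF
}

# Refused sorbs.net lookups per upstream server, highest count first.
# The server is always the last field, whatever precedes the message.
refused_by_server() {
    awk '/\(connection refused\) resolving/ && /sorbs\.net\// { n[$NF]++ }
         END { for (s in n) print n[s], s }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Per query name: number of distinct servers that refused it, then total
# refusals. The name is the second-to-last field, quoted and colon-terminated.
refusals_per_name() {
    awk -v q="'" '/\(connection refused\) resolving/ && /sorbs\.net\// {
             name = $(NF-1); gsub(q, "", name); sub(/:$/, "", name)
             if (!((name, $NF) in seen)) { seen[name, $NF] = 1; servers[name]++ }
             total[name]++
         }
         END { for (x in total) print x, servers[x], total[x] }' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host, pipe the log file in instead.
sample_log | refused_by_server
sample_log | refusals_per_name
```

A name that only some of its servers refused may still have been answered by another one, which is the fall-over behaviour described in the quoted reply; these log lines alone do not show whether the lookup ultimately succeeded.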