On Wed, 2015-05-13 at 10:12 -0400, Kris Deugau wrote:
> Chris wrote:
> > Is there a way to turn off queries to SORBS so I don't keep seeing this
> > in my logs:
> > 
> > error (connection refused) resolving
> > '23.164.11.209.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
> > 
> > I have Bind9 setup as a caching name server and am using 127.0.0.1 as my
> > DNS.
> 
> Are you seeing problems with the actual lookups failing, or just upset
> about the log noise?
> 
> I get a fair volume of similar failures in my own log on my personal
> server (4 live accounts, ~500 messages daily, most spam;  log since
> weekly rotation on Sunday):
> 
> [root@hex ]# grep 'connection refused' /var/log/messages|grep sorbs|awk '{ print $10; }'|sort|uniq -c
>       2 113.52.8.150#53
>      79 174.36.198.233#53
>      74 174.36.235.174#53
>      40 67.228.187.34#53
> 
> yet the actual lookups don't fail, they fall over to another upstream
> server.
> 
> If it's really that big a problem, you can suppress all such log
> messages in the BIND config.  Depending on which syslog daemon you're
> using, you may be able to suppress only the SORBS failures from reaching
> the log file.  I'm not sure, but you may even be able to tell BIND to
> either not log failures only for SORBS, or never attempt lookups off of
> the failing servers in the first place.
> 
> -kgd

Not upset about the 'noise', to my untrained eye it looks to me as if
the lookups are failing:

chris@localhost:/var/log$ grep 'connection refused' /var/log/syslog|grep sorbs|awk '{ print $10; }'|sort|uniq -c
      1 '11.1.4.96.dnsbl.sorbs.net/A/IN':
      1 '114.210.57.173.dnsbl.sorbs.net/A/IN':
      1 '139.207.161.25.dnsbl.sorbs.net/A/IN':
      1 '183.163.46.207.dnsbl.sorbs.net/A/IN':
      1 '54.139.130.12.dnsbl.sorbs.net/A/IN':
      2 'aftershock.sorbs.net/A/IN':
      2 'cannonball.sorbs.net/A/IN':
      2 'ns0.sorbs.net/A/IN':
      1 'ns2.sorbs.net/AAAA/IN':
      3 'ns2.sorbs.net/A/IN':
      1 'ns4.sorbs.net/AAAA/IN':
      3 'ns4.sorbs.net/A/IN':

The above is just from today's syslog starting at 7:40 this morning.

Here's yesterday's:

chris@localhost:/var/log$ grep 'connection refused' /var/log/syslog.1|grep sorbs|awk '{ print $10; }'|sort|uniq -c
      1 '112.89.189.91.dnsbl.sorbs.net/A/IN':
      2 '11.67.255.128.dnsbl.sorbs.net/A/IN':
      1 '119.123.171.166.dnsbl.sorbs.net/A/IN':
      2 '121.34.211.207.dnsbl.sorbs.net/A/IN':
      1 '136.207.152.107.dnsbl.sorbs.net/A/IN':
      2 '15.6.255.128.dnsbl.sorbs.net/A/IN':
      1 '173.190.42.208.dnsbl.sorbs.net/A/IN':
      1 '178.18.143.94.dnsbl.sorbs.net/A/IN':
      1 '18.167.87.216.dnsbl.sorbs.net/A/IN':
      1 '19.94.189.91.dnsbl.sorbs.net/A/IN':
      1 '202.135.201.205.dnsbl.sorbs.net/A/IN':
      3 '212.163.111.63.dnsbl.sorbs.net/A/IN':
      1 '23.164.11.209.dnsbl.sorbs.net/A/IN':
      1 '236.47.41.192.dnsbl.sorbs.net/A/IN':
      1 '243.86.197.70.dnsbl.sorbs.net/A/IN':
      1 '36.58.176.166.dnsbl.sorbs.net/A/IN':
      1 '48.200.56.41.dnsbl.sorbs.net/A/IN':
      2 '54.139.130.12.dnsbl.sorbs.net/A/IN':
      1 '57.103.45.66.dnsbl.sorbs.net/A/IN':
      1 '73.31.231.89.dnsbl.sorbs.net/A/IN':
      1 '79.242.62.166.dnsbl.sorbs.net/A/IN':
      1 '8.167.87.216.dnsbl.sorbs.net/A/IN':
      1 '96.207.152.107.dnsbl.sorbs.net/A/IN':
      2 'ns0.sorbs.net/AAAA/IN':
      2 'ns0.sorbs.net/A/IN':

I really don't want to suppress the syslog entries nor do I not want to
query SORBS, I would just like to figure out why the connection is
refused.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
09:46:29 up 2 days, 3:55, 2 users, load average: 0.04, 0.08, 0.11
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar
31 02:07:04 UTC 2015
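
In this thread the same `awk '{ print $10; }'` yields upstream servers in one message and query names in the other. The following added example (not part of the original messages) parses the message text instead of a field number and reports both views; the sample log lines with their timestamps, hostnames and PIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise BIND "connection refused" resolver errors by
# matching the message text instead of a fixed awk field number.

# Constructed sample lines (timestamps, hostnames and PIDs are made up);
# the message part follows the format quoted in the thread.
sample_log() {
cat <<'EOF'
May 13 07:41:02 localhost named[1234]: error (connection refused) resolving '23.164.11.209.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
May 13 07:41:02 localhost named[1234]: error (connection refused) resolving '23.164.11.209.dnsbl.sorbs.net/A/IN': 174.36.198.233#53
May 13 07:45:10 localhost named[1234]: error (connection refused) resolving 'ns2.sorbs.net/AAAA/IN': 67.228.187.34#53
2015-05-13T07:50:00-05:00 hex named[99]: error (connection refused) resolving '54.139.130.12.dnsbl.sorbs.net/A/IN': 174.36.198.233#53
May 13 07:51:00 localhost named[1234]: error (network unreachable) resolving 'ns0.sorbs.net/AAAA/IN': 2001:db8::1#53
EOF
}

# Print "server name type listed_ip" for each refused query on stdin.
# listed_ip is the address a DNSBL query asks about (octets un-reversed),
# or "-" when the name is not a <d.c.b.a>.dnsbl.sorbs.net query.
refused_queries() {
  awk -v q="'" '
    /connection refused\) resolving/ {
      a = index($0, q); if (!a) next
      rest = substr($0, a + 1)
      b = index(rest, q); if (!b) next
      split(substr(rest, 1, b - 1), part, "/")       # name/TYPE/CLASS
      server = substr(rest, b + 1)                   # ": 67.228.187.34#53"
      sub(/^: */, "", server); sub(/#[0-9]+$/, "", server)
      ip = "-"
      if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.dnsbl\.sorbs\.net$/) {
        split(part[1], o, ".")
        ip = o[4] "." o[3] "." o[2] "." o[1]
      }
      print server, part[1], part[2], ip
    }'
}

# Count of refusals per upstream server (the view in the quoted reply).
by_server() { refused_queries | awk '{c[$1]++} END {for (s in c) print c[s], s}' | sort -k1,1nr -k2,2; }

# Per query name: total refusals and number of distinct servers refusing.
by_name() {
  refused_queries | awk '!seen[$2 SUBSEP $1]++ {d[$2]++} {t[$2]++}
    END {for (n in t) print t[n], d[n], n}' | sort -k3,3
}

sample_log | by_server
sample_log | by_name
```

Against a real log, feed the file on stdin, for example `by_name < /var/log/syslog`. The log only records refusals, so the per-name count shows how many distinct servers refused a query, not whether another server answered it.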
