named[1095]: error (unexpected RCODE REFUSED)

[Chris <cp...@embarqmail.com>]

I've just finished setting up Bind as a local caching name server to
work in conjunction with my Spamassassin setup. I did this because
queries to uribl.com were getting blocked probably due to my ISPs
reputation for spam. It seems to be working great, no more of the
blocked queries to uribl.com however I am seeing a lot of this:

named[1095]: error (connection refused) resolving
'175.190.42.208.dnsbl.sorbs.net/A/IN': 174.36.198.233#53

named[1095]: error (connection refused) resolving
'123.68.7.52.dnsbl.sorbs.net/A/IN': 67.228.187.34#53

named[1095]: error (unexpected RCODE REFUSED) resolving
'164.87.144.104.in-addr.arpa/PTR/IN': 104.144.87.254#53

Do I have something in my setup incorrect?


Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
15:38:53 up 21:29, 1 user, load average: 0.27, 0.16, 0.15
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar
31 02:07:04 UTC 2015

Re: named[1095]: error (unexpected RCODE REFUSED)

[Noel Butler <no...@ausics.net>]

 

On 10/05/2015 10:48, Chris wrote: 

> On Sun, 2015-05-10 at 01:09 +0100, Martin Gregorie wrote: On Sat, 2015-05-09 at 15:49 -0500, Chris wrote: I've just finished setting up Bind as a local caching name server to
> work in conjunction with my Spamassassin setup. I did this because
> queries to uribl.com were getting blocked probably due to my ISPs
> reputation for spam.
> 
> More likely its because you and other SA users are using the ISP DNS to
> sent queries to uribl.com and as a result the combined queries have
> exceeded the free query quota (which counts against the querying DNS's
> IP). 
> 
> It seems to be working great, no more of the
> blocked queries to uribl.com however I am seeing a lot of this:
> 
> named[1095]: error (connection refused) resolving
> '175.190.42.208.dnsbl.sorbs.net/A/IN': 174.36.198.233#53
> 
> Have you configured your DNS to forward queries to your ISP's DNS? If
> so, don't, because that is including you in the common query quota: by
> not forwarding queries you let your DNS send the queries direct, which
> means that the free quota is only counted against your DNS IP.
> 
> Martin
 I'd forgotten to mention that I'm using 127.0.0.1 for the queries:

 # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
 resolvconf(8)
 # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
 nameserver 127.0.0.1

 nameserver 127.0.0.1
 search PK5001Z

 which is why I no longer have the problem with uribl.com. My question
 now is about SORBS.

Why you have two identical nameserver lines I'll never know... 

and search line? WTF is that... but also irrelevant.. 

Neither should affect this result 

those sorbs IPs timeout to me, but that's likely their geo-messing 

using my own resolver the tests work fine 8/10, 2 servfails and 8
nxdomains (correct return) 

your setup works, the problem lies with sorbs. 

 

Re: named[1095]: error (unexpected RCODE REFUSED)

[Chris <cp...@embarqmail.com>]

On Sun, 2015-05-10 at 01:09 +0100, Martin Gregorie wrote:
> On Sat, 2015-05-09 at 15:49 -0500, Chris wrote:
> > I've just finished setting up Bind as a local caching name server to
> > work in conjunction with my Spamassassin setup. I did this because
> > queries to uribl.com were getting blocked probably due to my ISPs
> > reputation for spam.
> >
> More likely its because you and other SA users are using the ISP DNS to
> sent queries to uribl.com and as a result the combined queries have
> exceeded the free query quota (which counts against the querying DNS's
> IP). 
> 
> >  It seems to be working great, no more of the
> > blocked queries to uribl.com however I am seeing a lot of this:
> > 
> > named[1095]: error (connection refused) resolving
> > '175.190.42.208.dnsbl.sorbs.net/A/IN': 174.36.198.233#53
> > 
> Have you configured your DNS to forward queries to your ISP's DNS? If
> so, don't, because that is including you in the common query quota: by
> not forwarding queries you let your DNS send the queries direct, which
> means that the free quota is only counted against your DNS IP.
> 
> 
> Martin
>  
I'd forgotten to mention that I'm using 127.0.0.1 for the queries:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1


nameserver 127.0.0.1
search PK5001Z

which is why I no longer have the problem with uribl.com. My question
now is about SORBS.


-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
19:46:44 up 1 day, 1:36, 1 user, load average: 0.21, 0.12, 0.09
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar
31 02:07:04 UTC 2015

Re: named[1095]: error (unexpected RCODE REFUSED)

[Martin Gregorie <ma...@gregorie.org>]

On Sat, 2015-05-09 at 15:49 -0500, Chris wrote:
> I've just finished setting up Bind as a local caching name server to
> work in conjunction with my Spamassassin setup. I did this because
> queries to uribl.com were getting blocked probably due to my ISPs
> reputation for spam.
>
More likely its because you and other SA users are using the ISP DNS to
sent queries to uribl.com and as a result the combined queries have
exceeded the free query quota (which counts against the querying DNS's
IP). 

>  It seems to be working great, no more of the
> blocked queries to uribl.com however I am seeing a lot of this:
> 
> named[1095]: error (connection refused) resolving
> '175.190.42.208.dnsbl.sorbs.net/A/IN': 174.36.198.233#53
> 
Have you configured your DNS to forward queries to your ISP's DNS? If
so, don't, because that is including you in the common query quota: by
not forwarding queries you let your DNS send the queries direct, which
means that the free quota is only counted against your DNS IP.


Martin