Re: repeated rejection of lookups of bad name



Hi Ross,

On Sun, Nov 11, 2007 at 10:47:13AM -0800, Ross Boylan wrote:
> A few days ago I received a message with a return path of
> berendbrothers.com@palmcoastcondo.com.
> exim4's data ACL rejected the message.

[...]

> Since then, every hour at 2 minutes after the hour I get the
> named[xxxx]: unexpected RCODE (REFUSED) resolving
> 'palmcoastcondo.com/TXT/IN': ::1#53
> message.
> 
> Googling indicates this means that a DNS query is going to ::1, which I
> think is IPv6 for localhost, and the DNS server (which is mine) is
> rejecting the query.

I believe that your DNS server is reporting an error code it is
receiving from the auth. servers for palmcoastcondo.com.

> Why is this happening?  That is,
> 1. why is the query being generated every hour?  The timing seems to
> coincide with hourly runs of logcheck.

It is probably being checked by spamassassin's URIBL module as it
appears in email going to you.

> 2. why is it looking for ::1#53 as the DNS server?  I have not
> configured bind9 to accept queries on ::1.  So the question isn't why
> it's being rejected, but why that location is being queried.

I imagine that your named is listening on all interfaces.  What is
in /etc/resolv.conf?

> 3. How can I stop these queries?

There are several ways.  For example you could:

- stop receiving email with that domain name in it.

- Turn off URIBL queries

but instead I would recommend ignoring it, and taking steps to make
ignoring it easier.

> Also, my logcheck rules aren't filtering the unexpected RCODE messages
> out.  I suspect they should, but the reason will probably be clear by
> inspecting them.

Usually when I have problems like this with logcheck it is because
the message also matches something in the "violations" files, which
are positive matches.  I would take a guess at "REFUSED" being in
/etc/logcheck/violations.d/logcheck.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
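
The guess in the reply above, that the ignore rule never gets a chance because the line first matches a pattern in violations.d, can be checked with a short script. This is an added example, not part of the original message: the rule contents, the `local-bind` file name and the timestamp, host and PID in the sample line are constructed, and the script only mimics logcheck's rule layering rather than calling logcheck.

```shell
#!/bin/sh
# Added example: find which logcheck-style rule decides the fate of a log line.
# Rule files hold one extended regex per line; blank lines and # comments are skipped.

# Print "file:lineno:pattern" for each rule under DIR that matches LINE.
find_rule_hits() {
    dir=$1 line=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=0
        while IFS= read -r pat || [ -n "$pat" ]; do
            n=$((n + 1))
            case $pat in ''|'#'*) continue ;; esac   # an empty regex would match everything
            if printf '%s\n' "$line" | grep -Eq -e "$pat" 2>/dev/null; then
                printf '%s:%s:%s\n' "$f" "$n" "$pat"
            fi
        done < "$f"
    done
}

# Violations are positive matches checked first; ignore.d.server is only
# consulted for lines that did not match a violations.d rule.
classify_line() {
    root=$1 msg=$2
    if [ -n "$(find_rule_hits "$root/violations.d" "$msg")" ]; then
        if [ -n "$(find_rule_hits "$root/violations.ignore.d" "$msg")" ]; then
            echo suppressed
        else
            echo violation
        fi
    elif [ -n "$(find_rule_hits "$root/ignore.d.server" "$msg")" ]; then
        echo ignored
    else
        echo reported
    fi
}

# Constructed sample: rule tree in a temp dir, log line modelled on the one in the thread.
SAMPLE_LINE="Nov 11 11:02:01 host named[1234]: unexpected RCODE (REFUSED) resolving 'palmcoastcondo.com/TXT/IN': ::1#53"
make_sample_rules() {
    root=$1
    mkdir -p "$root/violations.d" "$root/violations.ignore.d" "$root/ignore.d.server"
    printf '%s\n' '# constructed rules' 'REFUSED' > "$root/violations.d/logcheck"
    printf '%s\n' 'named\[[0-9]+\]: unexpected RCODE \(REFUSED\) resolving' > "$root/ignore.d.server/local-bind"
}

demo_root=$(mktemp -d)
make_sample_rules "$demo_root"
find_rule_hits "$demo_root/violations.d" "$SAMPLE_LINE"
echo "verdict: $(classify_line "$demo_root" "$SAMPLE_LINE")"
rm -rf "$demo_root"
```

Pointing `find_rule_hits` at the real /etc/logcheck/violations.d with a copy of the logged line shows the exact file and line number of the pattern that wins; a matching rule then belongs in violations.ignore.d rather than ignore.d.server.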
