Refused messages


This topic contains 5 replies, has 0 voices, and was last updated by  joti1978 9 years, 3 months ago.

  • #42026

    joti1978
    Member

    I have a lot of these kinds of messages in the “named” log.
    What are they telling me?
    And I see that for the last two days the system has been working with too much load, near 100% CPU. Are these messages the reason for such a load?

    10:37:38 unexpected RCODE (REFUSED) resolving ‘www.ieaddons.com/A/IN’:xx.xx.xx.xx#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘toggle.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘toggle.www.ms.akadns.net/A/IN’: xx.xx.xx.xx#53
    10:37:38 connection refused resolving ‘toggle.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘lb1.www.ms.akadns.net/A/IN’: xx.xx.xx.xx#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘lb1.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 connection refused resolving ‘pheedo-rdr.msnbc.msn.com/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns1.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns2.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns3.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns4.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns5.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns1.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns2.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns3.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns4.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns5.msft.net/A/IN’: yy.yy.yy.yy#53
    ….

    #49060

    ppalias
    Member

    I would suggest closing port 53 on the internet interface.

    #49061

    joti1978
    Member

    Block port 53 for INPUT or OUTPUT?
    I have blocked port 53 for INPUT, but I still get those messages.
    Is port 53 for DNS lookup?

    I see that xx.xx.xx.xx and yy.yy.yy.yy are the IPs of my ISP's DNS servers.
    Will DNS resolution work if I also block port 53 for OUTPUT?

    thanks,

    #49062

    ppalias
    Member

    Block it on the INPUT chain so that your DNS server is not accessed from the internet.
    Do your DNS lookups work fine, or are you having trouble resolving from your ISP’s DNS servers?
    If you block it for OUTPUT, DNS resolution won’t work, so leave it open.

    #49063

    joti1978
    Member

    Yes, thanks for the confirmation.

    Actually, my setup is a dual WAN (failover) setup, and in the DNS Forwarders for ANY I have put 4 IP addresses, two DNS servers from each ISP.
    I also see these messages from 3 of those DNS server IPs when I do a DNS lookup for an address… so I guess only one DNS server of the active WAN is responding. Is this normal?
    DNS lookups work fine!
    Do I have to put all the DNS servers in DNS Forwarders?

    #49064

    ppalias
    Member

    It is a routing issue. DNS servers from ISP A are not responding to requests from outside their address space. So add 2 static routes for each ISP, so that traffic to the IP address of each server is forwarded via the appropriate gateway.

    #49065

    joti1978
    Member

    Thanks again ppalias… problem solved with static routing rules.
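
An added example, not part of the original thread: a Python script that tallies the two failure forms from the named log per upstream server, to show which forwarder addresses refuse queries and are candidates for the per-ISP static routes described above. The log lines and IP addresses are constructed (documentation ranges), and the `min_names` threshold is an assumed heuristic.

```python
import re
from collections import defaultdict

# Matches both failure forms quoted in the thread (straight or curly quotes).
LINE_RE = re.compile(
    r"(?P<kind>unexpected RCODE \((?P<rcode>[A-Z]+)\)|connection refused)"
    r" resolving ['‘](?P<qname>[^/]+)/\w+/\w+['’]:"
    r"\s*(?P<server>[0-9a-fA-F.:]+)#\d+"
)

# Constructed sample input; addresses come from documentation ranges.
SAMPLE = """\
10:37:38 unexpected RCODE (REFUSED) resolving 'www.example.com/A/IN': 192.0.2.53#53
10:37:38 unexpected RCODE (REFUSED) resolving 'cdn.example.net/A/IN': 192.0.2.53#53
10:37:39 connection refused resolving 'cdn.example.net/A/IN': 198.51.100.53#53
10:37:39 unexpected RCODE (REFUSED) resolving 'ns1.example.org/A/IN': 192.0.2.53#53
10:37:39 unexpected RCODE (SERVFAIL) resolving 'bad.example.org/A/IN': 198.51.100.53#53
""".splitlines()

def summarize(lines):
    """Return {server: {"rcode_refused": n, "conn_refused": n, "names": set}}."""
    stats = defaultdict(lambda: {"rcode_refused": 0, "conn_refused": 0, "names": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["kind"] == "connection refused":
            key = "conn_refused"      # TCP-level refusal, nothing listening or filtered
        elif m["rcode"] == "REFUSED":
            key = "rcode_refused"     # server answered but rejected the query
        else:
            continue                  # other RCODEs (e.g. SERVFAIL) are a separate problem
        entry = stats[m["server"]]
        entry[key] += 1
        entry["names"].add(m["qname"])
    return dict(stats)

def suspect_forwarders(stats, min_names=3):
    """Servers refusing many unrelated names (assumed heuristic): the refusal
    is likely about the client's source address, not about one zone."""
    return sorted(s for s, e in stats.items()
                  if e["rcode_refused"] and len(e["names"]) >= min_names)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for server, e in sorted(stats.items()):
        print(server, e["rcode_refused"], e["conn_refused"], len(e["names"]))
    print("check routing for:", suspect_forwarders(stats))
```

A forwarder that returns REFUSED for every name while lookups still succeed through another forwarder matches the situation in this thread, where queries reached one ISP's resolver through the other ISP's link.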

