Refused messages

Forums Network Management ZeroShell Refused messages

  • This topic is empty.
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • November 9, 2009 at 11:05 am #42026
    joti1978
    Member

    I have a lot of this kind of messages on the “named” log.
    What they are telling…
    And i see the system in last two days is working with to much load near 100% CPU. Are this messages reason for such a load?

    10:37:38 unexpected RCODE (REFUSED) resolving ‘www.ieaddons.com/A/IN’:xx.xx.xx.xx#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘toggle.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘toggle.www.ms.akadns.net/A/IN’: xx.xx.xx.xx#53
    10:37:38 connection refused resolving ‘toggle.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘lb1.www.ms.akadns.net/A/IN’: xx.xx.xx.xx#53
    10:37:38 unexpected RCODE (REFUSED) resolving ‘lb1.www.ms.akadns.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 connection refused resolving ‘pheedo-rdr.msnbc.msn.com/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns1.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns2.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns3.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns4.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns5.msft.net/A/IN’: xx.xx.xx.xx#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns1.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns2.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns3.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns4.msft.net/A/IN’: yy.yy.yy.yy#53
    10:37:39 unexpected RCODE (REFUSED) resolving ‘ns5.msft.net/A/IN’: yy.yy.yy.yy#53
    ….

    November 9, 2009 at 9:13 pm #49060
    ppalias
    Member

    I would suggest to close port 53 on the internet interface.

    November 10, 2009 at 8:14 am #49061
    joti1978
    Member

    Block port 53, for INPUT or OUTPUT?
    I have blocked port 53 for INPUT, but I still get those messages.
    Does port 53 is for DNS look up?

    I see that xx.xx.xx.xx and yy.yy.yy.yy are the IP of my ISPs DNS servers.
    Will resolve dns work if i block port 53 also for OUTPUT?

    thanks,

    November 10, 2009 at 8:43 am #49062
    ppalias
    Member

    Block it on the INPUT chain so that your DNS server is not accessed from the internet.
    Your dns lookups work fine or you are having trouble resolving from your ISP’s DNS servers?
    If you block it for output dns resolve won’t work, so leave it open.

    November 10, 2009 at 10:01 am #49063
    joti1978
    Member

    Yes thanks for the confirmation.

    Actually, my setup is a dual wan (Failover) setup and i have put on the DNS Forwarders for ANY 4 IP address two of each ISP DNS servers.
    I see these messages also when I make a DNS Lookup for an address from 3 IP of dns servers of them…so I guess only one DNS server of the Active Wan is responding. Is this normal?
    DNS lookups works fine!
    Do I have to put all DNS servers at DNS Forwarders?

    November 10, 2009 at 2:58 pm #49064
    ppalias
    Member

    It is a routing issue. DNS servers from ISP A are not responding to reuqests out of their address space. So add 2 static routes for each ISP for the IP address of each server to be forwarded via the appropriate gateway.

    November 10, 2009 at 4:14 pm #49065
    joti1978
    Member

    Thanks again ppalias… problem solved with static routing rules.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.