named: error (unexpected RCODE REFUSED) resolving

Support for security such as Firewalls and securing linux
kriticar
Posts: 36
Joined: 2017/02/23 19:02:58

named: error (unexpected RCODE REFUSED) resolving

Postby kriticar » 2017/03/14 14:16:29

In my CentOS 7 server log I have found the following entries:

Mar 14 09:02:30 server named[20383]: error (unexpected RCODE REFUSED) resolving 'www.smileys4me.com/A/IN': 91.186.0.26#53
Mar 14 09:02:30 server named[20383]: error (unexpected RCODE REFUSED) resolving 'www.smileys4me.com/A/IN': 91.186.0.121#53


The CentOS machine is a DNS server and has two network interfaces, one connected to the internet and another one connected to the local network.

How can I determine which computer/user (on the local network) asked for this name resolution?

avij
Forum Moderator
Posts: 2236
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: named: error (unexpected RCODE REFUSED) resolving

Postby avij » 2017/03/14 21:42:38

You could log all DNS queries, but quite frankly... do you really want to? If some user on your network visited a web page that had a <img src="http://www.smileys4me.com/img/smiley.gif"> tag in the page source, it will trigger a name resolution request without the user noticing that such a request was sent. The reason why the request got logged in your log is that the registered name servers for smileys4me.com are not responding to the queries. It's not your fault.
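Added example, not part of the thread: if query logging is turned on (for instance with `rndc querylog on`), the client that triggered a failed lookup can be found by matching the name and record type in the `error (unexpected RCODE ...)` lines against the `query:` lines. The client addresses, ports and the second hostname in the sample log are constructed, and the query-log line layout is assumed to be BIND 9's standard one.

```python
import re
from collections import defaultdict

# Constructed sample: the two resolver errors from the thread plus query-log
# lines in BIND 9 format. Client IPs, ports and www.example.org are made up.
SAMPLE_LOG = """\
Mar 14 09:02:29 server named[20383]: client 192.168.1.23#51514 (www.smileys4me.com): query: www.smileys4me.com IN A + (192.168.1.1)
Mar 14 09:02:29 server named[20383]: client 192.168.1.40#40022 (www.example.org): query: www.example.org IN A + (192.168.1.1)
Mar 14 09:02:30 server named[20383]: error (unexpected RCODE REFUSED) resolving 'www.smileys4me.com/A/IN': 91.186.0.26#53
Mar 14 09:02:30 server named[20383]: error (unexpected RCODE REFUSED) resolving 'www.smileys4me.com/A/IN': 91.186.0.121#53
Mar 14 09:05:11 server named[20383]: client 192.168.1.57#33871 (WWW.smileys4me.com): query: WWW.smileys4me.com IN AAAA + (192.168.1.1)
"""

# Newer BIND releases print "client @0x7f... 192.168.1.23#51514", and servers
# with views add "view <name>: " before "query:"; accept all of these.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(.*?\): "
    r"(?:view \S+: )?query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)")
ERROR_RE = re.compile(
    r"error \(unexpected RCODE (?P<rcode>\w+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<type>[^/']+)/(?P<cls>[^']+)'")


def _key(match):
    # DNS names are case-insensitive; a trailing root dot is optional.
    return (match["name"].lower().rstrip("."), match["type"])


def clients_for_failed_lookups(log_text):
    """Map each (name, type) that logged an RCODE error to the clients that asked for it."""
    failed = set()
    asked = defaultdict(set)
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            failed.add(_key(m))
            continue
        m = QUERY_RE.search(line)
        if m:
            asked[_key(m)].add(m["ip"])
    # An empty list means the error was logged but no matching query line exists.
    return {key: sorted(asked.get(key, ())) for key in failed}


if __name__ == "__main__":
    for (name, qtype), ips in clients_for_failed_lookups(SAMPLE_LOG).items():
        print(f"{name} {qtype}: {', '.join(ips) or 'no query logged'}")
```

Only lookups made while query logging is active can be attributed this way; errors logged before it was enabled come back with an empty client list.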

kriticar
Posts: 36
Joined: 2017/02/23 19:02:58

Re: named: error (unexpected RCODE REFUSED) resolving

Postby kriticar » 2017/03/15 07:26:17

Thanks for the clarification.