This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

unexpected RCODE (REFUSED) resolving

All-

I upgraded from 8.102 to UTM 9.0 latest soft release. When I reviewed the DNS log this morning, the log was very full with the following Rcode entries:


2012:07:04-15:02:05 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 71.252.0.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 68.238.96.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 151.203.0.87#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53

The noted entries are from this afternoon. However they have been going on since last night. Everything on the network was down over night except the ASG. I am not able to find a LAN based source causing this. Can someone please provide some direction? Outside of this UTM 9 works very nicely, a job well done! I seems very odd this would be coming from the ASG, but I believe it is possible. The 173. ***.***.*** addresses are google, and there are some 108.***.***.*** that belong to verizon. Thanks in advance for any help provided!

Regards,
Jim


This thread was automatically locked due to age.
  • I believe reporting does a DNS lookup of IP addresses

    Thanks, Jim.  Reporting and the SMTP Proxy are two sources of Reverse DNS lookups.  I agree that these messages are usually problems that can't be fixed in the UTM.  Sometimes it's because the IP should fail RDNS, and you'll find a corresponding rejection in the SMTP Log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA