
DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed

Hi guys.

I've been seeing the following error lately on my UTM and I cannot for the life of me understand why. Is there anyone that has some insight? :)

Running Sophos UTM 9.506-2 and this is from the packetfilter log. This is an excerpt and it seems to fail on all IPs supplied to it. I have temporarily disabled "Block clients with bad reputation" to suppress the problem but would really like to enable it again.

Thanks in advance.

2018:01:16-11:13:23 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4096068464] [client xx.x.xxx.xx:58423] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2018:01:16-11:13:23 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4129639280] [client xx.x.xxx.xx:58420] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2018:01:16-11:13:23 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4079283056] [client xx.x.xxx.xx:58426] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2018:01:16-11:13:24 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4070890352] [client xx.x.xxx.xx:58427] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2018:01:16-11:13:24 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4112853872] [client xx.x.xxx.xx:58421] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution

 

BR

Ulf Thomas




[locked by: BAlfson at 3:41 PM (GMT -8) on 17 Jan 2018]
  • Hei Ulf Thomas,

    As Sachin implied above, this is the local copy of the ctipd reputation database.  I wouldn't be surprised if local reputation lookups used port 54 instead of 53.  Sometimes (maybe always, I don't know), the UTM queries ctipd in the cloud.  If that server is having a problem or your location is having difficulty reaching the server, that's the message I would expect to see in the log.  On the off chance that there's an issue with your UTM, you might try rebooting it.  If that doesn't resolve this, you may just need to wait until the issue outside of your control is fixed.

    Cheers - Bob
    PS Should this be in the Webserver Security forum?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
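
Added example, not part of the original thread and not Sophos code: a Python triage script for the authz_blacklist warnings quoted in the question, which reports which reputation zone failed, over what time span, and whether every failure was the resolver's "temporary" error (no answer obtained) rather than a negative answer. The function names and the sample lines are constructed for illustration, and the zone extraction assumes an IPv4 client address occupying the first four labels of the query name.

```python
import re
from collections import Counter
from datetime import datetime

# Format of the httpd authz_blacklist warnings in the excerpt above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) httpd\[\d+\]: "
    r"\[authz_blacklist:warn\] \[pid \d+:tid \d+\] "
    r"\[client (?P<client>\S+):(?P<port>\d+)\] "
    r"DNS lookup for (?P<qname>\S+) failed: (?P<reason>.+)$"
)
# glibc's message for EAI_AGAIN: the resolver got no usable answer
# (timeout or server failure), as opposed to a definite "no such name".
TRANSIENT = "Temporary failure in name resolution"

def parse_line(line):
    """Return a dict for an authz_blacklist lookup failure, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y:%m:%d-%H:%M:%S")
    # Assumption: the first four labels are the IPv4 client address;
    # the remaining labels are the reputation zone that was queried.
    rec["zone"] = ".".join(rec["qname"].rstrip(".").split(".")[4:])
    rec["transient"] = rec["reason"] == TRANSIENT
    return rec

def summarize(lines):
    """Count failures per (zone, reason) and report the affected time span."""
    recs = [r for r in map(parse_line, lines) if r]
    if not recs:
        return {"failures": 0}
    return {
        "failures": len(recs),
        "by_zone_reason": Counter((r["zone"], r["reason"]) for r in recs),
        "all_transient": all(r["transient"] for r in recs),
        "first": min(r["ts"] for r in recs),
        "last": max(r["ts"] for r in recs),
    }

# Constructed sample: two lines in the redacted form used in the post,
# plus one unrelated constructed line that the parser must ignore.
SAMPLE = [
    "2018:01:16-11:13:23 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4096068464] [client xx.x.xxx.xx:58423] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution",
    "2018:01:16-11:13:24 router httpd[8883]: [authz_blacklist:warn] [pid 8883:tid 4070890352] [client xx.x.xxx.xx:58427] DNS lookup for xx.x.xxx.xx.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution",
    "2018:01:16-11:13:25 router httpd[8883]: [example:info] constructed unrelated line",
]
```

Calling summarize() on the lines of an exported log gives the first and last failure times, which can be compared against the period when "Block clients with bad reputation" was enabled.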