Thread: Dns & uribl
DrJohn, 13th October 2011, 18:50

This is Perfect Server Ubuntu 10.04. I recently changed DNS forwarders from my ISP-provided to a pair of the fastest (from here) public DNS sites: SpeakEasy and Google Public DNS. The ISP sites were about 5x slower and were returning advertising material for non-existent domains.

In /etc/bind/named.conf.options:
forwarders {
		// Google Public DNS;

I've always seen a number of DNS errors in the logs, like these from the ISP DNS servers:
DNS format error from resolving invalid response: 1 Time(s)
error (FORMERR) resolving '': 17 Time(s)
error (network unreachable) resolving '': 2001:7b8:3:1f:0:2:53:2#53: 1 Time(s)
error (unexpected RCODE REFUSED) resolving '': 
success resolving '' (in ''?) after disabling EDNS: 1 Time(s)
but the number is small (< 50 per day) and there seems to be no impact.

After changing the DNS servers, I see a couple of hundred errors related to URIBL DNS queries (out of a 10.04 VM running ISPConfig 2.2.40 / SA) like these (many different domains overall):
error (unexpected RCODE REFUSED) resolving '': 1 Time(s)
All of these were returned from the Google Public DNS server.
In addition, I see about the same number of these and similar:
 error (network unreachable) resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53: 1 Time(s)
error (network unreachable) resolving '': 2001:7fd::1#53: 1 Time(s)
error (network unreachable) resolving '': 2001:503:c27::2:30#53: 1 Time(s)
I'd like to clear this up on the server. Is this a symptom of 1) a problem with the local Bind installation; 2) a problem with SA / URIBL; 3) a problem with the public DNS servers; 4) not a problem other than syslog inflation?

Thanks!
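An added example, not part of the original post: a Python tally of logwatch-style named error lines in the format quoted above, grouped by error reason, address family and responding server, so it is visible whether an error class comes from a single forwarder or only from IPv6 destinations. Apart from the C.ROOT-SERVERS.NET line, the sample lines are constructed; `uribl.example`, `host.example`, 192.0.2.53 and 2001:db8::53 are placeholder values.

```python
import ipaddress
import re
from collections import Counter

# Logwatch "named" summary line, in the shape quoted in the post:
#   error (<reason>) resolving '<name/type/class>': <server>#<port>: <N> Time(s)
# The server field is optional because some quoted lines lack it.
LINE = re.compile(
    r"^\s*error \((?P<reason>[^)]+)\) resolving '(?P<query>[^']*)':\s*"
    r"(?:(?P<server>[0-9A-Fa-f:.]+)#\d+:\s*)?(?P<count>\d+) Time\(s\)\s*$"
)

def family(server):
    """Return 'IPv4', 'IPv6', or 'unknown' when the server field is absent or invalid."""
    if not server:
        return "unknown"
    try:
        return "IPv%d" % ipaddress.ip_address(server).version
    except ValueError:
        return "unknown"

def tally(lines):
    """Sum the 'N Time(s)' counts per (reason, address family, server)."""
    totals = Counter()
    for line in lines:
        m = LINE.match(line)
        if m is None:  # not an error line, or truncated: skip it
            continue
        server = m.group("server")
        key = (m.group("reason"), family(server), server or "-")
        totals[key] += int(m.group("count"))
    return totals

# Constructed sample input (placeholder names and addresses, see lead-in).
SAMPLE = [
    "error (network unreachable) resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53: 1 Time(s)",
    "error (network unreachable) resolving 'host.example/A/IN': 2001:db8::53#53: 3 Time(s)",
    "error (unexpected RCODE REFUSED) resolving 'a.example.uribl.example/A/IN': 192.0.2.53#53: 120 Time(s)",
    "error (unexpected RCODE REFUSED) resolving 'b.example.uribl.example/A/IN': 192.0.2.53#53: 95 Time(s)",
    "error (FORMERR) resolving '': 17 Time(s)",
    "success resolving '' (in ''?) after disabling EDNS: 1 Time(s)",
]

if __name__ == "__main__":
    for (reason, fam, server), n in tally(SAMPLE).most_common():
        print(f"{n:5d}  {reason:28s} {fam:7s} {server}")
```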