All-
I upgraded from 8.102 to UTM 9.0 latest soft release. When I reviewed the DNS log this morning, the log was very full with the following Rcode entries:
2012:07:04-15:02:05 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 71.252.0.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 68.238.96.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 151.203.0.87#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
The noted entries are from this afternoon. However they have been going on since last night. Everything on the network was down over night except the ASG. I am not able to find a LAN based source causing this. Can someone please provide some direction? Outside of this UTM 9 works very nicely, a job well done! I seems very odd this would be coming from the ASG, but I believe it is possible. The 173. ***.***.*** addresses are google, and there are some 108.***.***.*** that belong to verizon. Thanks in advance for any help provided!
Regards,
Jim
I upgraded from 8.102 to UTM 9.0 latest soft release. When I reviewed the DNS log this morning, the log was very full with the following Rcode entries:
2012:07:04-15:02:05 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 71.252.0.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 68.238.96.72#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '158.152.57.108.in-addr.arpa/PTR/IN': 151.203.0.87#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:05 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '120.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.38.10#53
2012:07:04-15:02:06 s_local_asl@OASIS named: Last message 'unexpected RCODE (RE' repeated 1 times, supressed by syslog-ng on OASIS
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.32.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.36.10#53
2012:07:04-15:02:06 OASIS named[4115]: unexpected RCODE (REFUSED) resolving '21.53.194.173.in-addr.arpa/PTR/IN': 216.239.34.10#53
The noted entries are from this afternoon. However they have been going on since last night. Everything on the network was down over night except the ASG. I am not able to find a LAN based source causing this. Can someone please provide some direction? Outside of this UTM 9 works very nicely, a job well done! I seems very odd this would be coming from the ASG, but I believe it is possible. The 173. ***.***.*** addresses are google, and there are some 108.***.***.*** that belong to verizon. Thanks in advance for any help provided!
Regards,
Jim