Atomicorp

Posted: **Wed Mar 02, 2011 4:51 am**

I have CentOS5 with ASL and Plesk 10.1.1

I've been ignoring some entries in the daily Logwatch with many thousands of mailcontroller entries that are similar to the extract below.

**Unmatched Entries**
binding TCP socket: address in use: 2 Time(s)
client 109.105.211.209 query (cache) 'mx21.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx22.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx23.mailcontroller.co.uk/A/IN' denied: 1 Time(s)

and some others - again thousands of entries:

connection refused resolving 'ns2.bbs.ro/AAAA/IN': 86.123.48.5#53: 8 Time(s)
connection refused resolving 'smokin.orbital.net/A/IN': 80.88.198.4#53: 1 Time(s)
connection refused resolving 'smokin.orbital.net/AAAA/IN': 80.88.198.4#53: 1 Time(s)
found 4 CPUs, using 4 worker threads: 2 Time(s)
host unreachable resolving '25.1.18.64.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
host unreachable resolving '25.44.236.222.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
network unreachable resolving '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/PTR/IN': 2001:500:86::86#53: 1 Time(s)
network unreachable resolving '1.18.0.187.in-addr.arpa/PTR/IN': 2001:470:d87a:3::2#53: 1 Time(s)
network unreachable resolving '10.132.127.174.in-addr.arpa/PTR/IN': 2607:f060:2::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:6b0:7::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:dc0a:4608::59#53: 1 Time(s)

Can anyone tell me if there is anything we should be be doing at server level to get rid of these entries on the logwatch?

Manythanks, in advance, as ever.

Posted: **Sat Mar 03, 2012 6:48 am**

I keep ignoring the Unmatched Entries, but the thousands daily keep showing. It does not seem to be affexting the delivery of emails in any way. Can someone advise?

Posted: **Sat Mar 03, 2012 10:14 am**

Those are unsuccessful DNS lookups for domains your server is not hosting. Do you use Plesk DNS or external? If external you can block port 53 (named) and this will drop them at the firewall level. If internal, you need to accept DNS lookups, so... not sure what to suggest...

Posted: **Sun Mar 04, 2012 3:53 pm**

Thank you Kalimari
We use Plesk DNS so looks from what you say that there is little we can do about this.

Posted: **Mon Mar 05, 2012 10:35 am**

Your problem is that BIND, by default, logs into the general syslog. You can avoid this problem by telling BIND to make its own log file. Add this code to your named.conf

Code: Select all

logging{
  channel simple_log {
    file "/log/named.log" versions 3 size 10m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};

Remember that the path to your log file is relative to your chroot (IIRC Plesk's bind-chroot package uses /var/named/run-root/ instead of /var/named/chroot/).

Posted: **Tue Mar 06, 2012 5:46 am**

Thank you very much for that Highland

Atomicorp

Logwatch Unmatched Entries

Logwatch Unmatched Entries

Re: Logwatch Unmatched Entries

Re: Logwatch Unmatched Entries

Re: Logwatch Unmatched Entries

Re: Logwatch Unmatched Entries

Re: Logwatch Unmatched Entries