I run a mail server with a caching DNS. The server is Debian and BIND9. I am getting a ton of these in my logwatch:
Code:
Query form disallowed client:
unexpected RCODE (REFUSED) resolving '247.250.236.209.in-addr.arpa/PTR/IN': 209.236.251.114#53: 4 Time(s)
unexpected RCODE (REFUSED) resolving 'dnsglobal.mantraonline.com/A/IN': 202.56.240.5#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '223.45.90.144.in-addr.arpa/PTR/IN': 144.90.136.254#53: 4 Time(s)
unexpected RCODE (REFUSED) resolving '1.163.245.199.in-addr.arpa/PTR/IN': 139.78.100.1#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '62.56.160.14.in-addr.arpa/PTR/IN': 203.162.0.11#53: 4 Time(s)
unexpected RCODE (SERVFAIL) resolving 'ns01.wl-infra.net/AAAA/IN': 217.70.177.40#53: 4 Time(s)
unexpected RCODE (REFUSED) resolving 'ns.t-mobile.cz/AAAA/IN': 77.48.254.253#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '153.71.226.159.in-addr.arpa/PTR/IN': 159.226.8.28#53: 4 Time(s)
unexpected RCODE (REFUSED) resolving 'ABTS-TN-dynamic-196.107.164.122.airtelbroadband.in/A/IN': 202.56.240.5#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving 'iwt.tv/NS/IN': 74.55.69.165#53: 1 Time(s)
unexpected RCODE (REFUSED) resolving '199.57.102.66.in-addr.arpa/PTR/IN': 208.44.130.120#53: 1 Time(s)
unexpected RCODE (SERVFAIL) resolving 'fibre.cablebahamas.com/A/IN': 198.6.1.82#53: 1 Time(s)
I suspect that these are spammers hitting my mail server with bogus domains and the DNS is trying to resolve the IP to the domain, it is coming back false, and my mail server drops the message as designed. Am I correct or do I have something misconfigured?
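One way to check this reading of the log, as an added example that is not part of the original post: the script parses logwatch lines in the format shown above, turns each in-addr.arpa name back into the IPv4 address being looked up, and tallies entries by RCODE, query type and answering server. The function names are assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter

# One logwatch summary line, in the format shown in the post:
#   unexpected RCODE (REFUSED) resolving 'name/TYPE/CLASS': server#port: N Time(s)
LINE_RE = re.compile(
    r"unexpected RCODE \((?P<rcode>\w+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+): (?P<count>\d+) Time\(s\)"
)

def ptr_to_ip(name):
    """Return the IPv4 address a reverse-lookup name refers to, or None."""
    suffix = ".in-addr.arpa"
    lowered = name.lower().rstrip(".")
    if not lowered.endswith(suffix):
        return None
    octets = lowered[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))  # in-addr.arpa stores octets reversed

def parse_line(line):
    """Parse one line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    rec["looked_up_ip"] = ptr_to_ip(rec["name"]) if rec["qtype"] == "PTR" else None
    return rec

def summarize(lines):
    """Total the 'N Time(s)' counts per (rcode, qtype) and per remote server."""
    by_kind, by_server = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        by_kind[(rec["rcode"], rec["qtype"])] += rec["count"]
        by_server[rec["server"]] += rec["count"]  # server that returned the RCODE
    return by_kind, by_server

SAMPLE = [  # lines copied from the post above
    "unexpected RCODE (REFUSED) resolving '247.250.236.209.in-addr.arpa/PTR/IN': 209.236.251.114#53: 4 Time(s)",
    "unexpected RCODE (REFUSED) resolving 'dnsglobal.mantraonline.com/A/IN': 202.56.240.5#53: 1 Time(s)",
    "unexpected RCODE (SERVFAIL) resolving 'ns01.wl-infra.net/AAAA/IN': 217.70.177.40#53: 4 Time(s)",
    "unexpected RCODE (REFUSED) resolving 'ABTS-TN-dynamic-196.107.164.122.airtelbroadband.in/A/IN': 202.56.240.5#53: 1 Time(s)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Each `looked_up_ip` value can be compared against the connecting client addresses in the mail log for the same period to see whether the reverse lookups line up with inbound SMTP connections.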