Steiner, we are in a middle of AIpocalypse pile of issues, so please do fill a feature request. I think it is reasonable to either downgrade the level of the log messages or have a way to filter them out (rate-limiting and/or own category perhaps). But I can’t really promise a date when we will fix this as the new issues keep piling up and they need to be triaged.
Ondrej -- Ondřej Surý (He/Him) [email protected] ADHD brain at work: I sometimes lose track of my inbox. Please feel free to send a gentle nudge if you're waiting on a reply! My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 28. 5. 2026, at 9:37, [email protected] wrote: > > I'm testing 9.21.22 here, and getting lots of logging of the type > "REFUSED unexpected RCODE resolving ...". Example query which > results in such logging is asking a 9.21.22 resolver > > dig keyvalueservice.fe.apple-dns.net > > and the resolver logs > > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 2600:9000:5306:2400::1#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 2600:9000:5302:ec00::1#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 2600:9000:5301:1f00::1#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 205.251.198.36#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 205.251.194.236#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 205.251.196.100#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 205.251.193.31#53 > named[3441]: REFUSED unexpected RCODE resolving > 'keyvalueservice.fe.apple-dns.net/A/IN': 2600:9000:5304:6400::1#53 > > If I try 9.21.22 on one of our active resolvers (~ 30k qps or more), > there is so much logging of this type that it completely swamps any > other logging, making the logging basically unusable. The only way I > have found of getting rid of REFUSED logging is to use > > category default { null; }; > > but that also drops basically *all* other logging, which is not > desirable. > > We have much the same problem with logging of "FORMERR resolving ...". > e.g. > > named[3441]: DNS format error from 2a01:111:4000:f00::f0#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 2a01:111:4000:f00::f0#53 > named[3441]: DNS format error from 2620:1ec:8ec:f00::f0#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 2620:1ec:8ec:f00::f0#53 > named[3441]: DNS format error from 2603:1061:0:f00::f0#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 2603:1061:0:f00::f0#53 > named[3441]: DNS format error from 150.171.16.240#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 150.171.16.240#53 > named[3441]: DNS format error from 13.107.222.240#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 13.107.222.240#53 > named[3441]: DNS format error from 150.171.10.240#53 resolving > mr-b01.tm-azurefd.net/HTTPS for 2001:8c0:2002:4:193:69:2:2#13481: Name > trafficmanager.net (SOA) not subdomain of zone tm-azurefd.net -- invalid > response > named[3441]: FORMERR resolving 'mr-b01.tm-azurefd.net/HTTPS/IN': > 150.171.10.240#53 > > and again the only way I have found of getting rid of these messages > (because they're swamping other log messages) is to send category > default to null. > > Any better way of getting rid of such REFUSED and FORMERR logging? > > Steinar Haug, AS2116 > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
