Our logfiles are full of logs like:
www named[2961]: error (unexpected RCODE REFUSED) resolving '131.79.75.106.in-addr.arpa/PTR/IN': 106.75.128.65#53
The right side IP-address looks to be from China.
We run multiple websites on our server, but as far as I know, we use our hoster's DNS service.
Is our server being used as part of a DDoS attack? If so, how can we stop that? And how can I figure out which process triggered this DNS request?
Best Answer
It means that 106.75.128.65 (hn01.rdns.ucloud.cn) is set up as a name server for 79.75.106.in-addr.arpa but it is refusing to answer requests for it. Whoever is in charge of that name server has it misconfigured.
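For tracing what triggered these lookups, the following is an added example (not part of the original question or answer) that parses `named` lines of this form, decodes each reverse-lookup name back into the address being looked up, and counts errors per answering name server. The decoded address can then be searched for in web, mail or SSH logs. The log lines other than the one quoted in the question are constructed, and it goes beyond the IPv4 case on the page by also decoding `ip6.arpa` names.

```python
import ipaddress
import re
from collections import Counter

# BIND resolver error of the form quoted in the question.
LINE_RE = re.compile(
    r"named\[\d+\]: error \(unexpected RCODE (?P<rcode>\w+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/\w+': (?P<server>[0-9A-Fa-f.:]+)#\d+"
)

def ptr_to_ip(qname):
    """Decode a reverse-lookup name into the address it asks about, else None."""
    name = qname.rstrip(".").lower()
    try:
        if name.endswith(".in-addr.arpa"):
            octets = name[: -len(".in-addr.arpa")].split(".")
            if len(octets) == 4:
                return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        elif name.endswith(".ip6.arpa"):
            nibbles = name[: -len(".ip6.arpa")].split(".")
            if len(nibbles) == 32 and all(len(n) == 1 for n in nibbles):
                digits = "".join(reversed(nibbles))
                groups = [digits[i:i + 4] for i in range(0, 32, 4)]
                return str(ipaddress.IPv6Address(":".join(groups)))
    except ValueError:
        pass  # malformed labels: not a decodable reverse name
    return None

def summarize(lines):
    """Count errors per (rcode, answering server, address being looked up)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["qtype"] == "PTR":
            counts[(m["rcode"], m["server"], ptr_to_ip(m["qname"]))] += 1
    return counts

# The first two lines repeat the entry quoted in the question; the rest are constructed.
SAMPLE = [
    "www named[2961]: error (unexpected RCODE REFUSED) resolving '131.79.75.106.in-addr.arpa/PTR/IN': 106.75.128.65#53",
    "www named[2961]: error (unexpected RCODE REFUSED) resolving '131.79.75.106.in-addr.arpa/PTR/IN': 106.75.128.65#53",
    "www named[2961]: error (unexpected RCODE SERVFAIL) resolving '10.2.0.192.in-addr.arpa/PTR/IN': 198.51.100.53#53",
    "www sshd[811]: Accepted publickey for deploy from 192.0.2.10 port 50022",
]

if __name__ == "__main__":
    for (rcode, server, ip), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {rcode:8s} from {server:15s} PTR lookup for {ip}")
```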