System Log error message event-type named[1324]
willman42
Enthusiast - Level 2

First of all, is there any documentation on the system logs for the G1100 router? Like what does the event-type "named[1324]" mean? But just in general is there any documentation at all for the end user?

But the main point of this post is the specific error message I found in my router's System Log: 

Time                 | Event-Type  | Log Level | Details
--------------------------------------------------------------
Dec 31 15:01:25 2017 | named[1324] | err<139> | client 192.168.0.4#53218 (218.83.20.104.in-addr.arpa): view internal-clients: query failed (SERVFAIL) for 218.83.20.104.in-addr.arpa/IN/PTR at query.c:7837

192.168.0.4 is my desktop IP that I'm using right now and what I use to access the admin interface on the router. It appears that I'm doing an rDNS lookup for 104.20.83.218, which according to WHOIS, is a CloudFlare IP (not comforting). 

But what does "view internal-clients: query failed (SERVFAIL)" mean? Is the CloudFlare IP trying to run a SQL command on my router, presumably to find info about my internal clients? Or is there a less sinister alternative explanation?

1 Solution

Correct answers
Re: System Log error message event-type named[1324]
JustinG1
Community Leader

Hello!

There isn't documentation for most of the system logs in the G1100, but I can tell you that "named" is the name given to the program called "BIND". BIND is software that is capable of doing DNS lookups, and runs on most Linux systems (and is what the G1100 uses to handle DNS queries).

A quick Google search for BIND error messages brought me to this page: http://www.reedmedia.net/misc/dns/errors.html, but regarding your specific error message I'll try to summarize it as best as I can:

Rest assured, nothing malicious is going on. What that error concludes is your computer tried to do a hostname lookup, but the domain it was trying to find wasn't found, causing a "SERVFAIL". You'll see these messages occasionally when clients look up domain names that can't be resolved. This command was not run by anything outside your own LAN (in this case, your computer).

Just to show I also received the same error on my own Linux computer when trying to look up the same record your computer was looking up:

image

Kudos for being proactive, it's always good to keep an eye on things!
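
Added example, not part of the original post or reply: a small Python parser for the Details column of a `named` "query failed" entry like the one in the question. It reports who sent the query, whether that client is on a private (LAN) range, the BIND view that handled it, and, for a PTR query, which IP address was being reverse-resolved. The function names `ptr_target` and `explain` are illustrative, and the regular expression is written against the one log line shown on this page.

```python
import ipaddress
import re

# Fields of a BIND (named) query-failure entry, as seen in the question's log.
# "view <name>" is the BIND view (a named configuration scope) that served the client.
DETAIL_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<qname>[^)]+)\): "
    r"(?:view (?P<view>[^:]+): )?"
    r"query failed \((?P<rcode>[A-Z]+)\) for (?P<name>\S+)/(?P<qclass>\w+)/(?P<qtype>\w+)"
)

def ptr_target(qname):
    """Return the IPv4 address an in-addr.arpa name refers to, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        return None
    try:
        # Reverse-lookup names carry the octets in reverse order.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def explain(detail):
    """Break one Details string into fields; None if it is not a query failure."""
    m = DETAIL_RE.search(detail)
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["client"])
    except ValueError:
        return None
    target = ptr_target(m["name"]) if m["qtype"] == "PTR" else None
    return {
        "client": str(client),
        "client_on_lan": client.is_private,  # RFC 1918 and similar ranges
        "source_port": int(m["port"]),
        "view": m["view"],
        "rcode": m["rcode"],
        "qtype": m["qtype"],
        "reverse_lookup_of": str(target) if target else None,
    }

# Details column copied from the log entry in the question.
SAMPLE = ("client 192.168.0.4#53218 (218.83.20.104.in-addr.arpa): "
          "view internal-clients: query failed (SERVFAIL) for "
          "218.83.20.104.in-addr.arpa/IN/PTR at query.c:7837")

if __name__ == "__main__":
    for key, value in explain(SAMPLE).items():
        print(f"{key}: {value}")
```

For the sample line this shows the query came from 192.168.0.4 on the LAN and was a reverse lookup of 104.20.83.218, matching the reading given in the question and the reply.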
