What do 'invalid DNS Response' errors in system logs mean?

Available Languages

Download Options

  • PDF     (18.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (83.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (65.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 13, 2014
Document ID:118483

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question

What do entries like this in the log mean?

Tue Apr 29 10:25:33 2008 Warning: Received an invalid DNS Response: rcode=ServFail 
data="'\\xadX\\x81\\x82\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x04Example\\x02Com\\
x00\\x00\\x0f\\x00\\x01'" to IP 10.10.3.11 looking up example.com

Tue Apr 29 10:25:33 2008 Info: ICID 1905953 Address: <test@example.com>
sender rejected, envelope sender domain could not be resolved.

Environment

Cisco Web Security appliance (WSA) any AsyncOS version, Cisco Email Security appliance (ESA) any AsyncOS version

This indicates that the DNS server returned a 'SERVFAIL' error when it attempted to look up the domain in DNS. SERVFAIL means that the domain does exist and the root name servers have information on this domain, but that the authoritative name servers are not answering queries for this domain.

You can run a manual DNS query from the CLI using the "nslookup" command to verify if DNS resolution of the domain is working properly. Typically, seeing many of these messages in the logs indicates that there are lots of emails going to sites that have bad DNS replies. If the error messages are seen very frequently, it could also indicate that the local/configured DNS server/s may be having issue in resolving domain names.

Revision History

Revision Publish Date Comments
1.0
13-Oct-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Martin Ding and Siddharth Rajpathak
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products