unexpected DNS look ups being logged

Tim ignored_mailbox at yahoo.com.au
Tue Nov 15 04:45:33 UTC 2005


Tim:

>> I see things reported in logwatch that I don't expect.  For instance,
>> named reports resolving addresses that are part of spams I'm receiving.


Kenneth Porter:
> Logwatch is supposed to tell you what's unusual in your logs. The next step 
> is to look at the raw logs and find out where they're coming from.

I know that.  As I said, named.  What the logs don't show is what
application is involved with named.  But the process of elimination
points the finger squarely at Evolution (as I said).  Leading back to my
original questions of whether anybody gets the same behaviour (Evolution
doing some sort of checkup on addresses in the mail, when it's not set
to do so).

> Grep the /var/log directory for the log line to see what files it's in, and then 
> inspect those files for details.

Set of examples:

Nov 12 18:14:07 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:07 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:08 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:09 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:10 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:11 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:12 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:12 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53

(Be warned, the domain is involved with a fraud spam, one looking like
money laundering.)

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
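
The raw-log inspection suggested in this thread, as an added example that is not part of the original post: it parses named resolver-error lines like those quoted above and groups them by queried name, record type and upstream server. The function name `summarize` and the `year` parameter are assumptions (syslog timestamps carry no year).

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: the named lines quoted in the message above.
SAMPLE_LOG = """\
Nov 12 18:14:07 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:07 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:08 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:09 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:10 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:11 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
Nov 12 18:14:12 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 67.85.180.207#53
Nov 12 18:14:12 mongrel named[1415]: FORMERR resolving 'education-russia.com/AAAA/IN': 68.105.15.143#53
"""

# syslog prefix, then: <ERROR> resolving '<name>/<type>/<class>': <server>#<port>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"(?P<err>[A-Z]+) resolving '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^/']+':\s"
    r"(?P<server>[0-9A-Fa-f.:]+)#\d+$"
)

def summarize(log_text, year=2005):
    """Group named resolver errors by (name, record type, error)."""
    groups = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a resolver-error line
        # syslog timestamps carry no year; the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        g = groups.setdefault((m["name"], m["qtype"], m["err"]),
                              {"count": 0, "servers": Counter(), "first": ts, "last": ts})
        g["count"] += 1
        g["servers"][m["server"]] += 1
        g["first"] = min(g["first"], ts)
        g["last"] = max(g["last"], ts)
    return groups

if __name__ == "__main__":
    for (name, qtype, err), g in summarize(SAMPLE_LOG).items():
        span = (g["last"] - g["first"]).total_seconds()
        print(f"{err} {name} {qtype}: {g['count']} lines over {span:.0f}s")
        for server, n in g["servers"].most_common():
            print(f"  upstream {server}: {n}")
```

On the quoted lines this reports a single AAAA lookup retried against two upstream servers; the lines themselves carry only the upstream server address, not the local client that asked named for the name.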



