From owner-freebsd-questions@FreeBSD.ORG Wed Apr 23 16:00:34 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 847D637B401 for ; Wed, 23 Apr 2003 16:00:34 -0700 (PDT) Received: from rammstein.mweb.co.za (rammstein.mweb.co.za [196.2.53.175]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F36543F3F for ; Wed, 23 Apr 2003 16:00:32 -0700 (PDT) (envelope-from dj_boris@mail.ru) Received: from kny-dial-196-7-205-180.mweb.co.za ([196.7.205.180] helo=d) by rammstein.mweb.co.za with smtp (Exim 3.33 #1) id 198Sxs-0007I6-00 for freebsd-questions@FreeBSD.ORG; Thu, 24 Apr 2003 00:43:45 +0200 Message-ID: <017901c309ec$205fb1a0$6300a8c0@d> From: "DJ Boris" To: "freebsd-questions" References: <012501c309e6$23c2e890$6300a8c0@d> <20030423152619.U9680@tigger.alkinetworks.com> Date: Thu, 24 Apr 2003 01:00:24 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Subject: Re: some service is causing DNS query and therefore dial out X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2003 23:00:35 -0000 here is what "lsof -i" shows COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME syslogd 63 root 4u IPv6 0xc5d47ec0 0t0 UDP *:syslog syslogd 63 root 5u IPv4 0xc5d47e00 0t0 UDP *:syslog named 66 root 4u IPv4 0xc5d47d40 0t0 UDP *:rplay named 66 root 20u IPv4 0xc5d47c80 0t0 UDP fbsd.xx.xx:domain named 66 root 21u IPv4 0xc5d78d80 0t0 TCP fbsd.xx.xx:domain (LISTEN) inetd 72 root 4u IPv4 0xc5d79e80 0t0 TCP *:ftp (LISTEN) inetd 72 root 5u IPv4 0xc5d79c60 0t0 TCP *:pop3 (LISTEN) inetd 72 root 6u IPv4 0xc5d79a40 0t0 TCP *:netbios-ssn (LISTEN) inetd 72 root 7u IPv4 0xc5d47bc0 0t0 UDP *:netbios-ns inetd 72 root 8u IPv4 0xc5d79820 0t0 TCP *:swat (LISTEN) sshd 76 root 3u IPv4 0xc5d79600 0t0 TCP fbsd..xx.xx:ssh (LISTEN) sshd 79 root 4u IPv4 0xc5d793e0 0t0 TCP fbsd..xx.xx:ssh->d.xx.xx:3443 (ESTABLISHED) sendmail 107 root 3u IPv4 0xc5d791c0 0t0 TCP *:smtp (LISTEN) sendmail 107 root 5u IPv4 0xc5d7ad60 0t0 TCP *:submission (LISTEN) nmbd 159 root 0u IPv4 0xc5d47bc0 0t0 UDP *:netbios-ns nmbd 159 root 1u IPv4 0xc5d47bc0 0t0 UDP *:netbios-ns nmbd 159 root 6u IPv4 0xc5d47b00 0t0 UDP *:netbios-dgm what is "rplay" - what worries me is that it is named itself.... here is my named.conf ======================== logging { channel update_debug { file "/var/log/update-debug.log"; severity debug 3; print-category yes; print-severity yes; print-time yes; }; channel security_info { file "/var/log/named-auth.info"; severity info; print-category yes; print-severity yes; print-time yes; }; category update { update_debug; }; category security { security_info; }; }; options { directory "/etc/namedb"; version ""; forward only; forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; }; notify no; suppress-initial-notify yes; listen-on { 192.168.0.1; }; heartbeat-interval 0; query-source address * port 5555; }; key DHCP_UPDATER { algorithm xxxxxxxxxxxxxxxxxx; secret xxxxxxxxxxxxxxxxxxxxx; }; zone "." { type hint; file "named.root"; }; zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; dialup yes; }; zone "localhost" { type master; file "localhost.zone"; dialup yes; }; zone "xxx.xxx.xxx" { type master; file "xxx.xxx.xxx"; allow-update { key DHCP_UPDATER; }; dialup yes; }; zone "0.168.192.in-addr.arpa" { type master; file "0.168.192.rev"; allow-update { key DHCP_UPDATER; }; dialup yes; }; ======================================== ----- Original Message ----- From: "Philip Hallstrom" To: "DJ Boris" Cc: "freebsd-questions" Sent: Thursday, April 24, 2003 12:27 AM Subject: Re: some service is causing DNS query and therefore dial out > Install the lsof port and then run "lsof -i" although be sure to tell it > not to resolve ip addresses otherwise it will cause a dial out :) > > > this might help track it down... > > -philip > > On Thu, 24 Apr 2003, DJ Boris wrote: > > > hi there, > > > > I am having a problem tracking down "something" that triggers a dial out on > > my > > > > FreeBSD 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Oct 9 15:08:34 GMT 2002 > > root@builder.freebsdmall.com:/usr/obj/usr/src/sys/GENERIC i386 > > > > It is somethign trying to do a DNS query > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72) > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72) > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67) > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78) > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67) > > > > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: > > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78) > > > > > > I have sendmail but I have removed the "-q" flag so I only call that from > > ppp.linkup file. how can I track down what this service is? can anyone give > > me any ideas? this server is alone on the LAN at the moment? > > > > I have a DNS server running but I have heartbeat-interval set to 0. > > > > I have spent hours looking through the logs and tracking the times but I > > don't seem to be able to identify what is causing this. > > > > can someone help me out here? what conf files do I need to give you? > > > > thanx a lot > > > > DJ Boris > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > >