Skip site navigation (1)Skip section navigation (2) 
Date:      27 Oct 2002 15:24:07 +0000
From:      Stacey Roberts <stacey@Demon.vickiandstacey.com>
To:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   dig . ns @b.root-servers.net - Connection refused. WHY? [related to FBSD 4.7 reset itself - lots of "DENY UDP" mess]ages in /var/log/security
Message-ID:  <1035732248.394.22.camel@Demon.vickiandstacey.com>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
Hello,
     I don't know if this is related to post earlier today [FBSD 4.7
reset itself - lots of "DENY UDP" messages in /var/log/security], but
I've been trying to trouble shoot the "DENY" messages in
/var/log/security using dig:

# dig . ns @b.root-servers.net

; <<>> DiG 8.3 <<>> . ns @b.root-servers.net 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server b.root-servers.net  128.9.0.107: Connection
refused
# 
I get connection refused for this. Checking security:
Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP <snip>:1381
128.9.0.107:53 out via sis0
Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP 1<snip>:1382
128.9.0.107:53 out via sis0
# 

Verifying relevant ipfw rules:
# Allow out access to Internet Domain name server
$fwcmd add 00618 allow tcp from any to any 53 out via $oif setup
keep-state 
$fwcmd add 00619 allow udp from any to any 53 out via $oif setup
keep-state

Checking ipfw rule 910:
$fwcmd add 00910 deny log logamount 500 ip from any to any

Why am I not able to query root servers, given my rules 00618 & 00619? 

I'd appreciate someone helping me out here., (or hitting me over the
head if I'm missing something simple and glaringly obvious)

TIA 

Stacey



-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQEVAwUAPbwFFZvQeubckvvXAQGdegf/cliHg/dhOkiueDXn/L1OUnxBus8ofRn+
YCbnpM2xDE5eXoH/5GsGsVF5+H4CAckmFuj8vcJvRbsg2VApHa5lIhSRjb/DXVbM
x0jILmzcVANkkrTFqgkmq5UXOvEL/O66+4Pytz5uM7r9H9E8in7DzrHmdeEKKWdt
pjGTpaMuEePgms10gGDHn47yEDWVYQ7M592vujQanve7dPCwDU8k+s77QSEX6Dji
Ca754LL27oVtsR+ET1X+GybNFYPha9GLyuT0PiO8cQZN4bDMolDp6TRgHGsXQN5a
60sELSoWDxWztUrKrBGCAwTol5FcdMMkBwcibGHo4FOvYE7MenBiig==
=Z2o1
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1035732248.394.22.camel>