Date: 27 Oct 2002 15:24:07 +0000 From: Stacey Roberts <stacey@Demon.vickiandstacey.com> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: dig . ns @b.root-servers.net - Connection refused. WHY? [related to FBSD 4.7 reset itself - lots of "DENY UDP" mess]ages in /var/log/security Message-ID: <1035732248.394.22.camel@Demon.vickiandstacey.com>
next in thread | raw e-mail | index | archive | help
--=-6fkM8by0js0fypiATIX8
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Hello,
I don't know if this is related to post earlier today [FBSD 4.7
reset itself - lots of "DENY UDP" messages in /var/log/security], but
I've been trying to trouble shoot the "DENY" messages in
/var/log/security using dig:
# dig . ns @b.root-servers.net
; <<>> DiG 8.3 <<>> . ns @b.root-servers.net=20
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server b.root-servers.net 128.9.0.107: Connection
refused
#=20
I get connection refused for this. Checking security:
Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP <snip>:1381
128.9.0.107:53 out via sis0
Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP 1<snip>:1382
128.9.0.107:53 out via sis0
#=20
Verifying relevant ipfw rules:
# Allow out access to Internet Domain name server
$fwcmd add 00618 allow tcp from any to any 53 out via $oif setup
keep-state=20
$fwcmd add 00619 allow udp from any to any 53 out via $oif setup
keep-state
Checking ipfw rule 910:
$fwcmd add 00910 deny log logamount 500 ip from any to any
Why am I not able to query root servers, given my rules 00618 & 00619?=20
I'd appreciate someone helping me out here., (or hitting me over the
head if I'm missing something simple and glaringly obvious)
TIA=20
Stacey
--=20
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
--=-6fkM8by0js0fypiATIX8
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQEVAwUAPbwFFZvQeubckvvXAQGdegf/cliHg/dhOkiueDXn/L1OUnxBus8ofRn+
YCbnpM2xDE5eXoH/5GsGsVF5+H4CAckmFuj8vcJvRbsg2VApHa5lIhSRjb/DXVbM
x0jILmzcVANkkrTFqgkmq5UXOvEL/O66+4Pytz5uM7r9H9E8in7DzrHmdeEKKWdt
pjGTpaMuEePgms10gGDHn47yEDWVYQ7M592vujQanve7dPCwDU8k+s77QSEX6Dji
Ca754LL27oVtsR+ET1X+GybNFYPha9GLyuT0PiO8cQZN4bDMolDp6TRgHGsXQN5a
60sELSoWDxWztUrKrBGCAwTol5FcdMMkBwcibGHo4FOvYE7MenBiig==
=Z2o1
-----END PGP SIGNATURE-----
--=-6fkM8by0js0fypiATIX8--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1035732248.394.22.camel>