Date:      Wed, 18 May 2005 10:51:37 -0600
From:      Stephane Raimbault <stephane@enertiasoft.com>
To:        freebsd-ipfw@freebsd.org
Subject:   named error sending response: permision denied
Message-ID:  <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com>

Hi,

I've been noticing lots of errors in my /var/log/messages reporting
named errors:

May 18 06:45:14 enertia1 named[8320]: client 204.9.110.133#1829: error sending response: permission denied
May 18 06:45:14 enertia1 named[8320]: client 204.9.110.133#1993: error sending response: permission denied
May 18 06:45:19 enertia1 named[8320]: client 204.9.110.132#3123: error sending response: permission denied
May 18 06:45:22 enertia1 named[8320]: client 204.9.110.143#61370: error sending response: permission denied
May 18 06:46:21 enertia1 named[8320]: client 204.9.110.133#3529: error sending response: permission denied

I also noticed these errors in my ipfw.log file:

May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1


For some reason, it seems like ipfw is kiboshing some of the dns
queries going thru the server.  Queries seem to work as far as I can
tell, but randomly I get the above error messages.  I believe this is
a fairly heavily loaded dns server amongst other services.

Here are my ipfw rules for the dns:

/etc/rc.firewall.rules

fwcmd="/sbin/ipfw -q"
ip2=204.9.110.134
${fwcmd} add pass tcp from any to ${ip2} 53 setup
${fwcmd} add pass udp from any to ${ip2} 53 keep-state


I'm suspecting I'm hitting some sort of tunable (hopefully) ipfw
limit.  Can anyone provide me some insight on this... I'm not having
much luck with google or looking in the list archives.

This is on a FreeBSD 4.11 system.

Thank you,
Stephane
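
A way to triage the ipfw.log entries quoted in the message, added here as an example and not part of the original e-mail: it parses each Deny line and reports whether the packet is a query addressed to port 53 on the server (what the quoted UDP rule matches) or a reply arriving from a remote port 53 at a high port on the server. The function names and classification labels are assumptions of this example, and it models only the static match of the quoted UDP rule, not ipfw's dynamic keep-state table.

```python
import re
from collections import Counter

LOCAL_IP = "204.9.110.134"   # ${ip2} in the quoted rules
DNS_PORT = 53

# Log lines copied from the message above, with the mail wrapping joined.
IPFW_LOG = """\
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse(line):
    """Return the fields of one ipfw log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def static_rule_matches(rec):
    """True if 'pass udp from any to ${ip2} 53' matches the packet by itself."""
    return rec["proto"] == "UDP" and rec["dst"] == LOCAL_IP and rec["dport"] == DNS_PORT

def classify(rec):
    if static_rule_matches(rec):
        return "query-to-local-server"
    if rec["proto"] == "UDP" and rec["sport"] == DNS_PORT and rec["dst"] == LOCAL_IP:
        return "reply-from-remote-server"
    return "other"

def summarize(log_text):
    """Count denied packets per (rule number, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "Deny":
            counts[(rec["rule"], classify(rec))] += 1
    return counts

if __name__ == "__main__":
    for (rule, kind), n in sorted(summarize(IPFW_LOG).items()):
        print(f"rule {rule}: {n} x {kind}")
```

All four quoted entries fall in the reply class: their destination port is not 53, so the quoted `to ${ip2} 53` rule cannot match them statically.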


