From owner-freebsd-security Thu Oct 15 05:30:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA14629 for freebsd-security-outgoing; Thu, 15 Oct 1998 05:30:24 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA14621 for ; Thu, 15 Oct 1998 05:30:20 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with SMTP id BAA00476; Fri, 16 Oct 1998 01:29:54 +1300 (NZDT) (envelope-from andrew@squiz.co.nz) Date: Fri, 16 Oct 1998 01:29:54 +1300 (NZDT) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: Dmitry Sergeev cc: freebsd-security@FreeBSD.ORG Subject: Re: Firewall log and setup In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 15 Oct 1998, Dmitry Sergeev wrote: > Hi! > When i have installed FreeBSD 2.2.7 my firewall become to log this packets..(see log below) > When i worked with FreeBSD 2.2.5 everything was ok. These denied UDP packets > come from root DNS servers which are listed in named.root If you don't want your named to try to talk to name services all over the place you should tell it to only forward requests to a list of IP's you specify using forwarders your_privder_dns some_other_dns options forward-only > Maybe someone comment this situation? > What does Fragment = 34 mean? I think this is a separate issue. dns packets are mostly fairly small and shouldn't need to be fragmented. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message