Date: Mon, 17 Feb 2003 20:17:57 -0600
From: "Douglas K. Rand" <rand@meridian-enviro.com>
To: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: FireDNS and net.inet.udp.log_in_vain
Message-ID: <873cmmpc16.wl@bemidji.meridian-enviro.com>

I've been playing with MessageWall on one of our systems, and I noticed that we've been getting a lot of messages like:

    Connection attempt to UDP <our-ip>:<port-above-1024> from <ip-addr-in-resolv.conf>:53

in our logs. I have log_in_vain="YES" in my /etc/rc.conf, which sets:

    net.inet.tcp.log_in_vain: 1
    net.inet.udp.log_in_vain: 1

After a little work with tcpdump, these are queries of the black hole lists (openrbl.org) that MessageWall does. For speed (and security?), MessageWall uses the FireDNS library to do DNS queries. After a little more digging, I found that I can reproduce these messages by using the fdnsip command that comes with FireDNS. Everything seems to work just fine, the queries work, and return what you expect.

It seems that I can virtually eliminate these messages by removing all but one host from my /etc/resolv.conf, not a solution that I'm keen on.

Has anybody else noticed this, and is there a solution other than "Ignore those log messages" or "Unset net.inet.udp.log_in_vain"? (Both of these solutions /are/ fairly reasonable.)
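Added example, not part of the original message: one way to keep net.inet.udp.log_in_vain enabled while triaging its output is to separate entries whose source is a configured resolver on port 53 from everything else. The resolv.conf text, addresses and log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input (documentation address ranges), not from the post.
RESOLV_CONF = """\
search example.org
nameserver 192.0.2.53
nameserver 198.51.100.53
"""
LOG_LINES = [
    "Feb 17 20:01:02 mx /kernel: Connection attempt to UDP 203.0.113.10:3312 from 192.0.2.53:53",
    "Feb 17 20:01:02 mx /kernel: Connection attempt to UDP 203.0.113.10:3313 from 198.51.100.53:53",
    "Feb 17 20:01:09 mx /kernel: Connection attempt to UDP 203.0.113.10:3314 from 192.0.2.53:53",
    "Feb 17 20:02:30 mx /kernel: Connection attempt to UDP 203.0.113.10:137 from 198.51.100.77:4444",
    "Feb 17 20:03:11 mx /kernel: Connection attempt to UDP 203.0.113.10:2049 from 203.0.113.99:53",
    "Feb 17 20:04:00 mx /kernel: Connection attempt to TCP 203.0.113.10:23 from 198.51.100.77:40000",
]

# Captures destination port, source address and source port of a UDP entry.
LINE_RE = re.compile(r"Connection attempt to UDP \S+:(\d+) from (\S+):(\d+)")

def nameservers(resolv_conf_text):
    """Return the set of addresses on 'nameserver' lines."""
    servers = set()
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.add(fields[1])
    return servers

def triage(lines, resolvers):
    """Split UDP log_in_vain entries into resolver-sourced hits and the rest."""
    hits, other = Counter(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # TCP entries and unrelated lines are out of scope here
        dst_port, src_ip, src_port = int(m.group(1)), m.group(2), int(m.group(3))
        if src_ip in resolvers and src_port == 53 and dst_port > 1024:
            hits[src_ip] += 1   # matches the pattern quoted in the message
        else:
            other.append(line)  # still worth a human look
    return hits, other

if __name__ == "__main__":
    hits, other = triage(LOG_LINES, nameservers(RESOLV_CONF))
    for ip, count in hits.most_common():
        print(f"resolver {ip}: {count} entries")
    print("\n".join(other))
```

The match is on source address and port only, which a UDP sender can forge, so the resolver bucket reduces noise but does not prove the datagram came from the resolver.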