From owner-freebsd-security  Wed Apr 10  8:15:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from neptune.deep-ocean.net (APastourelles-107-1-1-30.abo.wanadoo.fr [80.13.78.30])
	by hub.freebsd.org (Postfix) with ESMTP id CA00F37B423
	for <freebsd-security@freebsd.org>; Wed, 10 Apr 2002 08:14:33 -0700 (PDT)
Received: by neptune.deep-ocean.net (Postfix, from userid 1000)
	id B8F085EF02; Wed, 10 Apr 2002 17:14:31 +0200 (CEST)
Date: Wed, 10 Apr 2002 17:14:31 +0200
From: Olivier Cortes <olive@deep-ocean.org>
To: freebsd-security@freebsd.org
Subject: Re: Mysterious entries in kernel log relating to DNS
Message-ID: <20020410151431.GA3980@neptune.deep-ocean.local>
Mail-Followup-To: Olivier Cortes <olive@deep-ocean.org>,
	freebsd-security@freebsd.org
References: <20020410143646.56360.qmail@web11807.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <20020410143646.56360.qmail@web11807.mail.yahoo.com>
User-Agent: Mutt/1.3.27i
X-Operating-System: FreeBSD 4.5-STABLE i386 up 4 days, 16:14, 1 user, load averages: 0.29 0.18 0.12
Organization: Deep-Ocean Network
X-URL: http://www.deep-ocean.org/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Apr 10, 2002 at 07:36:46AM -0700, X Philius wrote:
> Question:
> Periodically (a few times a week) I get these entries in the security
> email autimagically sent by the standard scripts in periodic. Sometimes
> there are many of them, and sometimes there are only a few or none. I
> *am* using IPFW, however these entries are not being blocked by my last
> rule, which I have numbered 999 (an example entry that *is* being
> blocked by rule number 999 is also pasted below for clarity). My
> understanding is that this log entry means that an attempt is being
> made by localhost to access the name server on localhost, but that bind
> is not listening or the request is malformed. I realize that this may
> not be a question for security, but it *is* generated by the built in
> FreeBSD security scripts, so I thought I'd start here. Thanks in
> advance for any light you can shed on this phenom.

this has been discussed on this list or on stable.
it is related to a timeout [problem] on your bind.
search the archive for more info.

hth,

--
Olivier Cortes
GPG 1024/46CE0A51 : 8DB6 A56C 00CA DA0F F77F  86EB E86A 803C 46CE 0A51

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message