From owner-freebsd-security Wed Jun 16 3:59:59 1999 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id B413714CBB for ; Wed, 16 Jun 1999 03:59:56 -0700 (PDT) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.1) id MAA81346; Wed, 16 Jun 1999 12:59:38 +0200 (CEST) (envelope-from des) To: junkmale@xtra.co.nz Cc: Dag-Erling Smorgrav , security@FreeBSD.ORG, Mike Nowlin Subject: Re: named timeouts References: "Dan Langille"'s message of "Wed, 16 Jun 1999 07:45:31 +1200" <19990616100254.GZCQ311284.mta2-rme@wocker> From: Dag-Erling Smorgrav Date: 16 Jun 1999 12:59:38 +0200 In-Reply-To: "Dan Langille"'s message of "Wed, 16 Jun 1999 22:00:18 +1200" Message-ID: Lines: 16 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Dan Langille" writes: > There messages aren't from ipfilter. I believe they are from my > kernel.log. I apologise for not pointing that out in the first place: > > $ tail kernel.log > Jun 16 09:16:42 ns /kernel: Connection attempt to UDP 127.0.0.1:1391 from 127.0.0.1:53 > Jun 16 09:17:02 ns /kernel: Connection attempt to UDP 127.0.0.1:1393 from 127.0.0.1:53 Ah, these are log_in_vain messages. What they mean is that named isn't listening on 127.0.0.1. You need to add localhost or localnets to the allow-query clause in named.conf (either in the options section or in each zone). DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message