Date: Wed, 3 Apr 2002 08:16:30 -0600
From: D J Hawkey Jr <hawkeyd@visi.com>
To: stable at FreeBSD <freebsd-stable@freebsd.org>
Subject: named connections "in vain"
Message-ID: <20020403081630.A20450@sheol.localdomain>
Hello all.
This may not be the correct forum, but I'm not sure where else to go with
this.
I have the "log in vain" MIBs set on, and I get these messages, seemingly
whenever named queries an external server:
Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53
Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53
Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53
Apr 3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53
Apr 3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53
I can't figure out what named is trying to talk with. The only theory I can
come up with is that named is not waiting long enough for the forwarder to
reply, and does the query itself. When the forwarder does [finally] reply,
the connection has already been closed (either by named or ipf)? The Cricket
book (3rd ed.) isn't much help on this.
See below the ASCII-sig for relevant config files. Can anyone point out my
error(s)? I'll supply more info as required.
Some notes:
- OS is FreeBSD-RELEASE-p2. BIND is 8.2.4-REL.
- This is on the "internal" side of a gateway box.
- ipfilter's rules are wide open on this interface. ipnat's rule is
"map dc1 192.168.16.0/24 -> XXX.XXX.XXX.YYY/32".
- These messages lessen in frequency when "forward" is set to "only" in
/etc/namedb/named.conf .
- localhost is defined only in /etc/namedb/p/named.localdomain .
- mozilla takes forever to resolve, and generates a lot of these messages.
Other apps resolve pretty quickly.
TIA,
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
---8<--- /etc/resolv.conf
domain localdomain
nameserver 192.168.16.2
--->8---
---8<--- /etc/rc.conf (excerpted)
hostname="sheol.localdomain"
ifconfig_dc0="inet 192.168.16.2 netmask 255.255.255.0"
ifconfig_dc1="inet XXX.XXX.XXX.YYY netmask 255.255.255.252"
gateway_enable="YES"
named_enable="YES"
named_flags="-u bind -g bind"
defaultrouter="XXX.XXX.XXX.XXX"
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
xntpd_enable="YES"
xntpd_flags="-A -p /var/run/ntpd.pid"
--->8---
---8<--- /etc/sysctl.conf
kern.ipc.somaxconn=1024
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet6.ip6.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.link.ether.inet.max_age=1200
net.inet.icmp.bmcastecho=0
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
--->8---
---8<--- /etc/namedb/named.conf
options {
directory "/etc/namedb";
query-source address * port 53;
forwarders { YYY.YYY.YYY.YYY; ZZZ.ZZZ.ZZZ.ZZZ; };
forward first;
listen-on { 192.168.16.0/24; };
allow-query { 192.168.16.0/24; };
allow-recursion { 192.168.16.0/24; };
allow-transfer { 192.168.16.0/24; };
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "p/0.0.127.in-addr.arpa";
#allow-update { 192.168.16.2; };
};
zone "localdomain" IN {
type master;
file "p/named.localdomain";
#allow-update { 192.168.16.2; };
};
zone "16.168.192.in-addr.arpa" IN {
type master;
file "p/16.168.192.in-addr.arpa";
#allow-update { 192.168.16.2; };
};
--->8---
---8<--- /etc/ipf.rules (excerpted)
block out quick on dc1 all head 10
...
pass out quick on dc1 proto tcp from any to any port = 53 flags S keep state keep frags group 10
pass out quick on dc1 proto udp from any to any port = 53 keep state group 10
...
block out log on dc1 all group 10
--->8---
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020403081630.A20450>
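The kernel lines quoted in the post above have a fixed shape ("Connection attempt to PROTO dst:port from src:port", where the packet travelled from src to dst and nothing was listening on dst:port), so they can be parsed and grouped instead of read one at a time. The following is an added example, not code from the post or from FreeBSD: it parses log_in_vain lines, then sorts each event into a rough bucket. Its "late-dns-reply" bucket is an assumption stated as a heuristic, not a fact from the post: a packet from the host's own port 53 to a high port on the same host looks like the local named answering a stub-resolver query whose socket has already been closed. The sixth sample line (a TCP attempt from 192.168.16.77) is constructed to show the other bucket; the five UDP lines are the ones from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Matches FreeBSD's net.inet.{tcp,udp}.log_in_vain kernel message.
# The day field is \s+\d+ because syslog pads single-digit days.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) /kernel: "
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from (?P<src_ip>[\d.]+):(?P<src_port>\d+)$"
)


@dataclass(frozen=True)
class InVain:
    ts: str
    host: str
    proto: str
    dst_ip: str
    dst_port: int
    src_ip: str
    src_port: int


def parse_line(line: str) -> Optional[InVain]:
    """Return an InVain event for a log_in_vain line, or None for any other line."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return InVain(
        m["ts"], m["host"], m["proto"],
        m["dst_ip"], int(m["dst_port"]),
        m["src_ip"], int(m["src_port"]),
    )


def classify(ev: InVain, local_ips: set, dns_port: int = 53) -> str:
    """Bucket an event. Heuristic (assumption): a reply from the local
    DNS port to a high port on the same host is a late answer to a
    resolver that already gave up; anything from a non-local address
    is an unsolicited packet from elsewhere on the segment."""
    if (ev.src_ip in local_ips and ev.dst_ip in local_ips
            and ev.src_port == dns_port and ev.dst_port >= 1024):
        return "late-dns-reply"
    if ev.src_ip not in local_ips:
        return "external"
    return "other"


def summarize(lines: Iterable[str], local_ips: set) -> dict:
    """Count events per bucket and per (src_ip, src_port, proto) talker."""
    buckets: Counter = Counter()
    talkers: Counter = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated syslog line, skip it
        buckets[classify(ev, local_ips)] += 1
        talkers[(ev.src_ip, ev.src_port, ev.proto)] += 1
    return {"buckets": dict(buckets), "talkers": dict(talkers)}


# Five lines from the post plus one constructed TCP line for contrast.
SAMPLE_LOG = [
    "Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53",
    "Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53",
    "Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53",
    "Apr 3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53",
    "Apr 3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53",
    # constructed sample, not from the post:
    "Apr 3 07:40:01 sheol /kernel: Connection attempt to TCP 192.168.16.2:22 from 192.168.16.77:40122",
    "Apr 3 07:40:02 sheol named[123]: some unrelated line",
]

LOCAL_IPS = {"192.168.16.2", "127.0.0.1"}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, LOCAL_IPS)
    for bucket, n in sorted(report["buckets"].items()):
        print(f"{bucket:16s} {n}")
    for (ip, port, proto), n in sorted(report["talkers"].items()):
        print(f"{proto} {ip}:{port} -> {n} closed-port hits")
```

On the post's data this puts all five UDP lines in the "late-dns-reply" bucket and the constructed TCP line in "external"; the per-talker count makes it obvious when one source/port pair (here the local port 53 that named is pinned to by `query-source address * port 53`) accounts for every hit, which is the first thing to check before treating log_in_vain noise as a sign of something outside the box.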
