From owner-freebsd-stable Wed Apr 3 6:16:47 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id EF09437B41A for ; Wed, 3 Apr 2002 06:16:31 -0800 (PST)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id 2ECEE2D047B for ; Wed, 3 Apr 2002 08:16:31 -0600 (CST)
Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g33EGUn20602 for freebsd-stable@freebsd.org; Wed, 3 Apr 2002 08:16:30 -0600 (CST) (envelope-from hawkeyd)
Date: Wed, 3 Apr 2002 08:16:30 -0600
From: D J Hawkey Jr
To: stable at FreeBSD
Subject: named connections "in vain"
Message-ID: <20020403081630.A20450@sheol.localdomain>
Reply-To: hawkeyd@visi.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-stable@FreeBSD.ORG

Hello all.

This may not be the correct forum, but I'm not sure where else to go with this.

I have the "log in vain" MIBs set on, and I get these messages, seemingly whenever named queries an external server:

Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53
Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53
Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53
Apr 3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53
Apr 3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53

I can't figure out what named is trying to talk with. The only theory I can come up with is that named is not waiting long enough for the forwarder to reply, and does the query itself.
When the forwarder does [finally] reply, the connection has already been closed (either by named or ipf)?

The Cricket book (3rd ed.) isn't much help on this.

See below the ASCII-sig for relevant config files. Can anyone point out my error(s)? I'll supply more info as required.

Some notes:

- OS is FreeBSD-RELEASE-p2. BIND is 8.2.4-REL.
- This is on the "internal" side of a gateway box.
- ipfilter's rules are wide open on this interface. ipnat's rule is "map dc1 192.168.16.0/24 -> XXX.XXX.XXX.YYY/32".
- These messages lessen in frequency when "forward" is set to "only" in /etc/namedb/named.conf.
- localhost is defined only in /etc/namedb/p/named.localdomain.
- mozilla takes forever to resolve, and generates a lot of these messages. Other apps resolve pretty quickly.

TIA,
Dave

-- 
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/

---8<--- /etc/resolv.conf
domain localdomain
nameserver 192.168.16.2
--->8---

---8<--- /etc/rc.conf (excerpted)
hostname="sheol.localdomain"
ifconfig_dc0="inet 192.168.16.2 netmask 255.255.255.0"
ifconfig_dc1="inet XXX.XXX.XXX.YYY netmask 255.255.255.252"
gateway_enable="YES"
named_enable="YES"
named_flags="-u bind -g bind"
defaultrouter="XXX.XXX.XXX.XXX"
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
xntpd_enable="YES"
xntpd_flags="-A -p /var/run/ntpd.pid"
--->8---

---8<--- /etc/sysctl.conf
kern.ipc.somaxconn=1024
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet6.ip6.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.link.ether.inet.max_age=1200
net.inet.icmp.bmcastecho=0
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
--->8---

---8<--- /etc/namedb/named.conf
options {
    directory "/etc/namedb";
    query-source address * port 53;
    forwarders {
        YYY.YYY.YYY.YYY;
        ZZZ.ZZZ.ZZZ.ZZZ;
    };
    forward first;
    listen-on { 192.168.16.0/24; };
    allow-query { 192.168.16.0/24; };
    allow-recursion { 192.168.16.0/24; };
    allow-transfer { 192.168.16.0/24; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "p/0.0.127.in-addr.arpa";
    #allow-update { 192.168.16.2; };
};

zone "localdomain" IN {
    type master;
    file "p/named.localdomain";
    #allow-update { 192.168.16.2; };
};

zone "16.168.192.in-addr.arpa" IN {
    type master;
    file "p/16.168.192.in-addr.arpa";
    #allow-update { 192.168.16.2; };
};
--->8---

---8<--- /etc/ipf.rules (excerpted)
block out quick on dc1 all head 10
...
pass out quick on dc1 proto tcp from any to any port = 53 flags S keep state keep frags group 10
pass out quick on dc1 proto udp from any to any port = 53 keep state group 10
...
block out log on dc1 all group 10
--->8---
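Added example, not part of the post above: a small Python triage script for kernel messages of the shape that net.inet.udp.log_in_vain produces. It assumes the host addresses from the post, and it treats a UDP packet from a local port-53 source to a high local port as a DNS answer that arrived after the stub resolver had already closed its socket; that reading is an assumption, and the sample lines beyond the five quoted in the post are constructed.

```python
import re
from collections import Counter

# Constructed sample: the five lines from the post plus two made-up events
# of other kinds, so the classifier has something to tell apart.
SAMPLE_LOG = """\
Apr  3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53
Apr  3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53
Apr  3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53
Apr  3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53
Apr  3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53
Apr  3 07:40:02 sheol /kernel: Connection attempt to UDP 192.168.16.2:137 from 192.168.16.77:137
Apr  3 07:41:10 sheol /kernel: Connection attempt to TCP 192.168.16.2:8080 from 10.9.8.7:44321
"""

# Shape of the log_in_vain message as quoted in the post.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from (?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)

LOCAL_ADDRS = {"192.168.16.2", "127.0.0.1"}  # this host's addresses (from the post)
EPHEMERAL_LOW = 1024  # unprivileged port range starts here


def classify(proto, dst_ip, dst_port, src_ip, src_port):
    """Label one event. Assumption: UDP from a local port-53 socket to a high
    local port is a DNS answer arriving after the resolver gave up and closed
    its socket, which is a timing problem rather than a probe."""
    if (proto == "UDP" and src_port == 53 and src_ip in LOCAL_ADDRS
            and dst_ip in LOCAL_ADDRS and dst_port >= EPHEMERAL_LOW):
        return "late-local-dns-reply"
    if src_ip in LOCAL_ADDRS:
        return "local-to-closed-port"
    return "external-probe"


def summarize(log_text):
    """Count labels over every line that matches the log_in_vain format."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[classify(m["proto"], m["dst_ip"], int(m["dst_port"]),
                            m["src_ip"], int(m["src_port"]))] += 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {label}")
```

Run it over /var/log/messages instead of SAMPLE_LOG to see whether the bulk of the entries are the same-host port-53 pattern from the post or something arriving from outside.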