Date: Wed, 3 Apr 2002 09:37:54 -0500 (EST) From: Ralf Durkee <ralf@net.rd1.net> To: freebsd-stable@FreeBSD.ORG, hawkeyd@visi.com Subject: Re: named connections "in vain" Message-ID: <200204031437.g33EbsKB038625@net.rd1.net> In-Reply-To: <20020403081630.A20450@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
> From owner-freebsd-stable@FreeBSD.ORG Wed Apr 3 09:17:12 2002 > Date: Wed, 3 Apr 2002 08:16:30 -0600 > From: D J Hawkey Jr <hawkeyd@visi.com> > To: stable at FreeBSD <freebsd-stable@FreeBSD.ORG> > Subject: named connections "in vain" > > Hello all. > > This may not be the correct forum, but I'm not sure where else to go with > this. > > I have the "log in vain" MIBs set on, and I get these messages, seemingly > whenever named queries an external server: > > Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53 > Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53 > Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53 > Apr 3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53 > Apr 3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53 > > I can't figure out what named is trying to talk with. The only theory I can > come up with is that named is not waiting long enough for the forwarder to > reply, and does the query itself. When the forwarder does [finally] reply, > the connection has already been closed (either by named or ipf)? The Cricket > book (3rd ed.) isn't much help on this. > > See below the ASCII-sig for relevant config files. Can anyone point out my > error(s)? I'll supply more info as required. > > Some notes: > - OS is FreeBSD-RELEASE-p2. BIND is 8.2.4-REL. > - This is on the "internal" side of a gateway box. > - ipfilter's rules are wide open on this interface. ipnat's rule is > "map dc1 192.168.16.0/24 -> XXX.XXX.XXX.YYY/32". > - These messages lessen in frequency when "forward" is set to "only" in > /etc/namedb/named.conf . > - localhost is defined only in /etc/namedb/p/named.localdomain . > - mozilla takes forever to resolve, and generates a lot of these messages. > Other apps resolve pretty quickly. > > TIA, > Dave > I think you you are very close in your evaluation, I also use log in vain, and came to similar conclusions, about these messages. I also noticed that it happens for very slow and non-responsive named servers (especially spammers if theirs a mail server involved) I think increasing the time-out value for your named to be longer than that of the forwarder would eliminate the messages if you are concerned. -- Ralf Durkee http://rd1.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204031437.g33EbsKB038625>