Date: Wed, 3 Apr 2002 09:37:54 -0500 (EST)
From: Ralf Durkee
Message-Id: <200204031437.g33EbsKB038625@net.rd1.net>
To: freebsd-stable@FreeBSD.ORG, hawkeyd@visi.com
Subject: Re: named connections "in vain"
In-Reply-To: <20020403081630.A20450@sheol.localdomain>

> From owner-freebsd-stable@FreeBSD.ORG Wed Apr 3 09:17:12 2002
> Date: Wed, 3 Apr 2002 08:16:30 -0600
> From: D J Hawkey Jr
> To: stable at FreeBSD
> Subject: named connections "in vain"
>
> Hello all.
>
> This may not be the correct forum, but I'm not sure where else to go with
> this.
>
> I have the "log in vain" MIBs set on, and I get these messages, seemingly
> whenever named queries an external server:
>
> Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53
> Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53
> Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53
> Apr 3 07:38:00 sheol /kernel: Connection attempt to UDP 192.168.16.2:2313 from 192.168.16.2:53
> Apr 3 07:38:20 sheol /kernel: Connection attempt to UDP 192.168.16.2:2314 from 192.168.16.2:53
>
> I can't figure out what named is trying to talk with. The only theory I can
> come up with is that named is not waiting long enough for the forwarder to
> reply, and does the query itself. When the forwarder does [finally] reply,
> the connection has already been closed (either by named or ipf)? The Cricket
> book (3rd ed.) isn't much help on this.
>
> See below the ASCII-sig for relevant config files. Can anyone point out my
> error(s)? I'll supply more info as required.
>
> Some notes:
> - OS is FreeBSD-RELEASE-p2. BIND is 8.2.4-REL.
> - This is on the "internal" side of a gateway box.
> - ipfilter's rules are wide open on this interface. ipnat's rule is
>   "map dc1 192.168.16.0/24 -> XXX.XXX.XXX.YYY/32".
> - These messages lessen in frequency when "forward" is set to "only" in
>   /etc/namedb/named.conf .
> - localhost is defined only in /etc/namedb/p/named.localdomain .
> - mozilla takes forever to resolve, and generates a lot of these messages.
>   Other apps resolve pretty quickly.
>
> TIA,
> Dave
>

I think you are very close in your evaluation. I also use log in vain, and
came to similar conclusions about these messages. I also noticed that it
happens for very slow and non-responsive named servers (especially spammers
if there's a mail server involved). I think increasing the time-out value
for your named to be longer than that of the forwarder would eliminate the
messages if you are concerned.

--
Ralf Durkee
http://rd1.net
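
Added example, not part of the original messages: a small triage script that separates the "in vain" lines discussed in this thread (UDP from port 53 to a closed client port, i.e. an answer that arrived after the requester stopped listening) from entries that deserve a closer look. The function names, the 1024 port threshold and the last two sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Kernel message format as quoted in the thread (log_in_vain enabled).
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+) "
    r"from (?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)"
)
DNS_PORT = 53
EPHEMERAL_MIN = 1024  # assumption: ports above the reserved range are client ports

def classify(line):
    """Return (kind, src, dst, dport) for a log_in_vain line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # UDP *from* port 53 *to* a closed client port looks like a DNS answer
    # that arrived late. The source port is forgeable, so this is a triage
    # label for log review, not a basis for a firewall allow rule.
    late = m["proto"] == "UDP" and sport == DNS_PORT and dport >= EPHEMERAL_MIN
    return ("late-dns-reply" if late else "review", m["src"], m["dst"], dport)

def summarize(lines):
    """Count probable late DNS replies per responder; collect the rest."""
    late, review = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue  # not a log_in_vain entry
        if hit[0] == "late-dns-reply":
            late[hit[1]] += 1
        else:
            review.append(line)
    return late, review

# First three lines are from the thread; the last two are constructed samples.
SAMPLE = [
    "Apr 3 07:36:41 sheol /kernel: Connection attempt to UDP 192.168.16.2:2303 from 192.168.16.2:53",
    "Apr 3 07:37:45 sheol /kernel: Connection attempt to UDP 192.168.16.2:2311 from 192.168.16.2:53",
    "Apr 3 07:37:50 sheol /kernel: Connection attempt to UDP 192.168.16.2:2312 from 192.168.16.2:53",
    "Apr 3 07:40:02 sheol /kernel: Connection attempt to UDP 192.168.16.2:137 from 198.51.100.7:137",
    "Apr 3 07:41:15 sheol /kernel: Connection attempt to TCP 192.168.16.2:23 from 198.51.100.7:40122",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A responder with a high late-reply count is a candidate for the slow or unresponsive server case described in the reply; the "review" list is what remains once that noise is set aside.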