From owner-freebsd-stable@FreeBSD.ORG Sun Feb 1 12:36:40 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54EC016A4CE for ; Sun, 1 Feb 2004 12:36:40 -0800 (PST) Received: from gw.catspoiler.org (217-ip-163.nccn.net [209.79.217.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A2B843D5D for ; Sun, 1 Feb 2004 12:36:36 -0800 (PST) (envelope-from truckman@FreeBSD.org) Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2]) by gw.catspoiler.org (8.12.9p2/8.12.9) with ESMTP id i11KaR7E098132; Sun, 1 Feb 2004 12:36:32 -0800 (PST) (envelope-from truckman@FreeBSD.org) Message-Id: <200402012036.i11KaR7E098132@gw.catspoiler.org> Date: Sun, 1 Feb 2004 12:36:27 -0800 (PST) From: Don Lewis To: kovacspeter2@freemail.hu In-Reply-To: MIME-Version: 1.0 Content-Type: TEXT/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT cc: freebsd-stable@FreeBSD.org Subject: Re: DNS problem X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Feb 2004 20:36:40 -0000 On 1 Feb, Kovács Péter wrote: > Hello, > >> Which server in your organization is acting as a DNS >> server? > The Windows... > >> If you only have one network card in your FreeBSD box... > Yes, I only have one. > >> This could be why you only see this kind of traffic with one IP address. > Is there a way to fix this? Something on your FreeBSD box is sending DNS queries to your Windows box and is timing out its query and closing the socket it used to send the query before the Windows box returns its response. Because you have net.inet.udp.log_in_vain enabled, your FreeBSD box logs the arrival of the DNS response packet because there is not a UDP socket listening on the port that the response is being returned to. About all you can do to turn off these messages is to turn off udp.log_in_vain. As a substitute you could log unexpected packets using one of the firewall packages on FreeBSD, which would allow you to ignore packets coming from port 53 on your DNS server.