Date: Mon, 2 Feb 2004 11:03:37 -0500 (EST) From: Kenneth W Cochran <kwc@TheWorld.com> To: Don Lewis <truckman@freebsd.org> Cc: freebsd-stable@freebsd.org Subject: Re: DNS problem Message-ID: <200402021603.LAA18667215@shell.TheWorld.com>
next in thread | raw e-mail | index | archive | help
>Date: Sun, 1 Feb 2004 12:36:27 -0800 (PST) >From: Don Lewis <truckman@freebsd.org> >To: kovacspeter2@freemail.hu >Cc: freebsd-stable@freebsd.org >Subject: Re: DNS problem > >On 1 Feb, Kovács Péter wrote: >> Hello, >> >>> Which server in your organization is acting as a DNS >>> server? >> The Windows... >> >>> If you only have one network card in your FreeBSD box... >> Yes, I only have one. >> >>> This could be why you only see this kind of traffic with one IP address. >> Is there a way to fix this? > >Something on your FreeBSD box is sending DNS queries to your Windows box >and is timing out its query and closing the socket it used to send the >query before the Windows box returns its response. Because you have >net.inet.udp.log_in_vain enabled, your FreeBSD box logs the arrival of >the DNS response packet because there is not a UDP socket listening on >the port that the response is being returned to. > >About all you can do to turn off these messages is to turn off >udp.log_in_vain. As a substitute you could log unexpected packets using >one of the firewall packages on FreeBSD, which would allow you to ignore >packets coming from port 53 on your DNS server. I get similar messages, viz: Feb 2 09:16:59 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3826 from 192.168.0.1:53 Feb 2 09:17:39 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3827 from 192.168.0.1:53 Feb 2 09:20:28 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3853 from 192.168.0.1:53 Feb 2 09:20:33 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3854 from 192.168.0.1:53 Feb 2 09:20:43 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3855 from 192.168.0.1:53 Feb 2 09:21:01 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3856 from 192.168.0.1:53 Sysctl log_in_vain is is set for both tcp & udp. It has been like this for ages and so far I can find neither an explanation as to why, no a way to fix it (assuming it is some kind of breakage/misconfiguration). OS is 4.9-stable as of 15 January, 2004. There is indeed a Windows box at 192.168.0.2, but DNS is on the FreeBSD machine, configured as cache-only (supposedly; could be something not quite correct in that config...) There are 2 network interfaces and the syslog indicates (I think correctly) named listening on both of them when it starts. 192.168.0/24 is on an internal interface/network; the external interface gets its ip-address from the ISP via DHCP. What I'd like to do is 1. fix any errors/misconfigurations that might be causing those messages and 2. keep the cache-only nameserver, and have it run/query efficiently. Any ideas/suggestions/suggested reading? Thanks, -kc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402021603.LAA18667215>