Message-Id: <200402022028.i12KSTcc035044@drugs.dv.isc.org>
To: Kenneth W Cochran
From: Mark.Andrews@isc.org
In-reply-to: Your message of "Mon, 02 Feb 2004 11:03:37 CDT." <200402021603.LAA18667215@shell.TheWorld.com>
Date: Tue, 03 Feb 2004 07:28:29 +1100
cc: Don Lewis
cc: freebsd-stable@freebsd.org
Subject: Re: DNS problem

> >Date: Sun, 1 Feb 2004 12:36:27 -0800 (PST)
> >From: Don Lewis
> >To: kovacspeter2@freemail.hu
> >Cc: freebsd-stable@freebsd.org
> >Subject: Re: DNS problem
> >
> >On 1 Feb, Kovács Péter wrote:
> >> Hello,
> >>
> >>> Which server in your organization is acting as a DNS
> >>> server?
> >> The Windows...
> >>
> >>> If you only have one network card in your FreeBSD box...
> >> Yes, I only have one.
> >>
> >>> This could be why you only see this kind of traffic with one IP address.
> >> Is there a way to fix this?
> >
> >Something on your FreeBSD box is sending DNS queries to your Windows box
> >and is timing out its query and closing the socket it used to send the
> >query before the Windows box returns its response. Because you have
> >net.inet.udp.log_in_vain enabled, your FreeBSD box logs the arrival of
> >the DNS response packet because there is not a UDP socket listening on
> >the port that the response is being returned to.
> >
> >About all you can do to turn off these messages is to turn off
> >udp.log_in_vain. As a substitute you could log unexpected packets using
> >one of the firewall packages on FreeBSD, which would allow you to ignore
> >packets coming from port 53 on your DNS server.
>
> I get similar messages, viz:
>
> Feb 2 09:16:59 localhost /kernel: Connection attempt to UDP 192.168.0.1:3826 from 192.168.0.1:53
> Feb 2 09:17:39 localhost /kernel: Connection attempt to UDP 192.168.0.1:3827 from 192.168.0.1:53
> Feb 2 09:20:28 localhost /kernel: Connection attempt to UDP 192.168.0.1:3853 from 192.168.0.1:53
> Feb 2 09:20:33 localhost /kernel: Connection attempt to UDP 192.168.0.1:3854 from 192.168.0.1:53
> Feb 2 09:20:43 localhost /kernel: Connection attempt to UDP 192.168.0.1:3855 from 192.168.0.1:53
> Feb 2 09:21:01 localhost /kernel: Connection attempt to UDP 192.168.0.1:3856 from 192.168.0.1:53
>
> Sysctl log_in_vain is set for both tcp & udp.
>
> It has been like this for ages and so far I can find
> neither an explanation as to why, nor a way to fix it
> (assuming it is some kind of breakage/misconfiguration).
> OS is 4.9-stable as of 15 January, 2004.

Your resolver asks the same question multiple times to multiple
servers. It closes the socket after it gets the first answers.
It is *normal* to receive answers from the other server after the
first answer.

It is also *normal* to receive answers late if the nameserver cannot
resolve the answer. In this case it sends SERVFAIL to say that it is
giving up.
Usually the client has timed out and closed the socket before
that has happened.

> There is indeed a Windows box at 192.168.0.2, but DNS is on
> the FreeBSD machine, configured as cache-only (supposedly;
> could be something not quite correct in that config...)
>
> There are 2 network interfaces and the syslog indicates
> (I think correctly) named listening on both of them when it
> starts. 192.168.0/24 is on an internal interface/network;
> the external interface gets its ip-address from the ISP
> via DHCP.
>
> What I'd like to do is 1. fix any errors/misconfigurations
> that might be causing those messages and 2. keep the
> cache-only nameserver, and have it run/query efficiently.
>
> Any ideas/suggestions/suggested reading?
>
> Thanks,
>
> -kc

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark.Andrews@isc.org
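
The thread's advice (keep logging unexpected packets but ignore late replies from port 53 on your own DNS server) can also be applied to the syslog output after the fact. The sketch below is an added example, not part of the original messages; `KNOWN_RESOLVERS`, the category names, the unprivileged-port threshold and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: the DNS servers this host is configured to query.
KNOWN_RESOLVERS = {"192.168.0.1"}

# Kernel message produced by net.inet.udp.log_in_vain, as quoted in the thread.
LINE_RE = re.compile(
    r"Connection attempt to UDP (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def classify(line, resolvers=KNOWN_RESOLVERS):
    """Label one syslog line; return None if it is not a UDP log_in_vain entry."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # A reply from a configured resolver's port 53 to an unprivileged port is
    # the late answer described above (the threshold 1024 is an assumption).
    if sport == 53 and m["src"] in resolvers and dport >= 1024:
        return "late-dns-reply"
    if sport == 53:
        return "dns-from-unknown-server"
    return "unexpected"

def triage(lines, resolvers=KNOWN_RESOLVERS):
    """Count every category, but keep only the lines that still need review."""
    counts, keep = Counter(), []
    for line in lines:
        kind = classify(line, resolvers)
        if kind is None:
            continue
        counts[kind] += 1
        if kind != "late-dns-reply":
            keep.append((kind, line))
    return counts, keep

# First two lines are from the thread; the last two are constructed samples.
SAMPLE = [
    "Feb 2 09:16:59 localhost /kernel: Connection attempt to UDP 192.168.0.1:3826 from 192.168.0.1:53",
    "Feb 2 09:17:39 localhost /kernel: Connection attempt to UDP 192.168.0.1:3827 from 192.168.0.1:53",
    "Feb 2 09:18:02 localhost /kernel: Connection attempt to UDP 192.168.0.1:137 from 192.168.0.2:137",
    "Feb 2 09:19:10 localhost /kernel: Connection attempt to UDP 192.168.0.1:3840 from 203.0.113.7:53",
]

if __name__ == "__main__":
    counts, keep = triage(SAMPLE)
    print(dict(counts))
    for kind, line in keep:
        print(kind, "|", line)
```

Filtering this way leaves log_in_vain enabled, so packets that are not late resolver replies still show up for review.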