Date: Fri, 9 Jan 2004 18:13:25 +0300
From: freebsd@tern.ru
To: Jez Hancock <jez.hancock@munk.nu>
Cc: freebsd-security@freebsd.org
Subject: Re[2]: Problem with DNS (UDP) queries
Message-ID: <1839710842.20040109181325@tern.ru>
In-Reply-To: <20040109144956.GB87284@users.munk.nu>
References: <1775511953.20040109173220@tern.ru> <20040109144956.GB87284@users.munk.nu>
Yes, I had thought about what you wrote. Because of this I mentioned that
'I do not want to turn off the "log in vain" feature.'

To be honest, I'd like to fix the reason for the problem, not just its
appearance. I need to make the resolver wait for the reply (any reply,
including a negative one). As I understand it, the resolver functionality
is built into the libraries, including all timeout constants. But I hope
that this can be changed/tuned somehow using sysctl or maybe some other
variables.

If this can be fixed in CVS it would be a great solution. But changing the
source on my local system and checking the changes again every time I
download something from CVS is not a suitable solution.

Anyway, thank you for your reply.

JH> On Fri, Jan 09, 2004 at 05:32:20PM +0300, freebsd@tern.ru wrote:
>> Hi all
>>
>> I am trying to get rid of strings:
>> kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
>> on my console and in the log file.
>>
>> I understand that those are replies to DNS queries that for some reason
>> took too long to be answered.
>> I do not want to turn off the "log in vain" feature.
>>
>> As these strings fill up my log I am afraid to miss some sensitive
>> messages (e.g. a hacker's attack :)
>>
>> I'm using FreeBSD 5.1 with ipfw2 that allows via static rules both
>> DNS queries and DNS replies.
>>
>> The main application that generates queries is sendmail.
>>
>> What can be done?

JH> I believe those messages are generated if the following sysctl flag is
JH> set:
JH>
JH>   net.inet.udp.log_in_vain
JH>
JH> You can disable it by executing:
JH>
JH>   sysctl net.inet.udp.log_in_vain=0
JH>
JH> on the command line.
JH>
JH> Obviously though this will disable logging of all vain connection
JH> attempts using the UDP protocol. However, if you have ipfw set up to
JH> log such attempts, you don't really need that sysctl flag set anyway.
JH>
JH> See also the TCP equivalent flag:
JH>
JH>   net.inet.tcp.log_in_vain
JH>
JH> Also see the manpage for rc.conf(5) regarding the log_in_vain rc.conf
JH> setting.

Alex.
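A small triage helper for the situation discussed in this thread, added here as an example and not part of any message in it: it splits the kernel's UDP log_in_vain lines into late DNS replies (source port 53) and everything else, so the sysctl can stay enabled while the DNS noise is reviewed separately. The sample log lines, the function names and the addresses are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): triage the "Connection attempt to UDP"
# lines that net.inet.udp.log_in_vain writes, without turning the sysctl off.
# Lines whose source is port 53 are most likely late DNS replies; the rest are
# the vain attempts worth reading. Input is syslog text on stdin.
#
# Caveat: this is a triage aid, not a security filter. The source port is
# chosen by the sender, so anything that must be investigated should come
# from the ipfw log rules rather than from this heuristic.

# Constructed sample lines in the format quoted in the thread
# (kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53).
SAMPLE_LOG='Jan  9 17:30:01 host kernel: Connection attempt to UDP 192.0.2.10:49152 from 192.0.2.53:53
Jan  9 17:30:02 host kernel: Connection attempt to UDP 192.0.2.10:49153 from 192.0.2.53:53
Jan  9 17:30:03 host kernel: Connection attempt to UDP 192.0.2.10:49154 from 198.51.100.2:53
Jan  9 17:30:05 host kernel: Connection attempt to UDP 192.0.2.10:111 from 198.51.100.7:40000
Jan  9 17:30:07 host sshd[123]: Accepted publickey for alex from 192.0.2.20'

# awk pattern that selects only the UDP log_in_vain messages.
VAIN_UDP='/kernel: Connection attempt to UDP /'

# Print the vain UDP attempts that are NOT late DNS replies (source port != 53).
vain_non_dns() {
    awk "$VAIN_UDP"' && $NF !~ /:53$/'
}

# Count the late DNS replies (source port 53); prints 0 when there are none.
count_late_dns() {
    awk "$VAIN_UDP"' && $NF ~ /:53$/ { n++ } END { print n + 0 }'
}

# Summarise which servers the late replies come from, as "<count> <ip:port>",
# busiest first. The server that dominates is the one whose slow answers
# (or the resolver timeout against it) deserve attention.
late_dns_sources() {
    awk "$VAIN_UDP"' && $NF ~ /:53$/ { n[$NF]++ } END { for (s in n) print n[s], s }' \
        | sort -rn
}

# Example run on the constructed sample; in real use pipe in /var/log/messages.
printf '%s\n' "$SAMPLE_LOG" | count_late_dns
printf '%s\n' "$SAMPLE_LOG" | late_dns_sources
printf '%s\n' "$SAMPLE_LOG" | vain_non_dns
```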