Date: Wed, 16 Jun 1999 23:12:21 +1200
From: "Dan Langille" <dan.langille@dvl-software.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: security@FreeBSD.ORG, Mike Nowlin <mike@argos.org>
Subject: Re: named timeouts
Message-ID: <199906161112.GAA26982@metis.host4u.net>
In-Reply-To: <xzpzp20csx1.fsf@flood.ping.uio.no>
References: "Dan Langille"'s message of "Wed, 16 Jun 1999 22:00:18 +1200"

On 16 Jun 99, at 12:59, Dag-Erling Smorgrav wrote:

> "Dan Langille" <junkmale@xtra.co.nz> writes:
> > These messages aren't from ipfilter.  I believe they are from my
> > kernel.log.  I apologise for not pointing that out in the first place:
> >
> > $ tail kernel.log
> > Jun 16 09:16:42 ns /kernel: Connection attempt to UDP 127.0.0.1:1391 from 127.0.0.1:53
> > Jun 16 09:17:02 ns /kernel: Connection attempt to UDP 127.0.0.1:1393 from 127.0.0.1:53
>
> Ah, these are log_in_vain messages. What they mean is that named isn't
> listening on 127.0.0.1. You need to add localhost or localnets to the
> allow-query clause in named.conf (either in the options section or in each
> zone).

This is sounding better.  I just checked named.conf.  At present, I don't
have any allow-query statements.  According to p250 of DNS and BIND, I
could just add the following:

    options {
            allow-query { 127.0.0.1/32; };
    };

But would that prevent everyone else from getting in?

--
Dan Langille - DVL Software Limited
The FreeBSD Diary     - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System     - http://www.racingsystem.com/racingsystem.htm

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
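
Added example, not part of the original message: a small Python parser for the log_in_vain lines quoted above, which counts entries per source and separates packets sent from port 53 from all other attempts. The line format is taken from the two quoted kernel.log lines; the TCP case, the function names and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Format taken from the two kernel.log lines quoted in the message.
# Assumption: TCP entries use the same layout as the UDP ones shown there.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s/kernel:\s"
    r"Connection attempt to (?P<proto>UDP|TCP)\s"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\sfrom\s"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)


def parse(line):
    """Return a dict for a log_in_vain line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dst_port"] = int(rec["dst_port"])
    rec["src_port"] = int(rec["src_port"])
    return rec


def summarize(lines):
    """Count entries per (proto, src_ip, src_port).

    Returns two Counters: packets whose source port is 53 (they came from
    a DNS server's port) and every other attempt on a closed port.
    """
    from_dns, other = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unrelated kernel message
        key = (rec["proto"], rec["src_ip"], rec["src_port"])
        (from_dns if rec["src_port"] == 53 else other)[key] += 1
    return from_dns, other


# Constructed sample: the first two lines are the ones quoted in the
# message, the last two are made up to exercise the other branches.
SAMPLE = [
    "Jun 16 09:16:42 ns /kernel: Connection attempt to UDP 127.0.0.1:1391 from 127.0.0.1:53",
    "Jun 16 09:17:02 ns /kernel: Connection attempt to UDP 127.0.0.1:1393 from 127.0.0.1:53",
    "Jun 16 09:18:10 ns /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4021",
    "Jun 16 09:18:11 ns /kernel: de0: link up",
]

if __name__ == "__main__":
    dns, rest = summarize(SAMPLE)
    for label, counter in (("from port 53", dns), ("other", rest)):
        for (proto, ip, port), n in counter.most_common():
            print(f"{label:13} {proto} {ip}:{port} x{n}")
```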