Problem with DNS (UDP) queries

freebsd at tern.ru
Fri Jan 9 07:11:31 PST 2004


Yes, I had thought about what you wrote.
Because of this I mentioned that 'I do not want to turn off the "log
in vain" feature.'

To be honest, I'd like to fix the reason for the problem, not just its
appearance. I need to make the resolver wait for the reply (any reply,
including a negative one). As I understand it, the resolver functionality
is built into the libraries, including all timeout constants. But I hope
that this can be changed/tuned somehow using sysctl or maybe some other
variables.

If this can be fixed in CVS, it would be a great solution. But changing
the source on my local system and checking the changes again every time I
download something from CVS is not a suitable solution.

Anyway, thank you for your reply.


JH> On Fri, Jan 09, 2004 at 05:32:20PM +0300, freebsd at tern.ru wrote:
>> Hi all
>> 
>> I am trying to get rid of the strings:
>>  kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
>> on my console and in the log file.
>> 
>> I understand that those are replies to DNS queries that for some reason
>> took too long to be answered.
>> I do not want to turn off the "log in vain" feature.
>> 
>> As these strings fill up my log, I am afraid of missing some sensitive
>> messages (e.g. a hacker's attack :)
>> 
>> I'm using FreeBSD 5.1 with ipfw2, which allows both DNS queries and DNS
>> replies via static rules.
>> 
>> The main application that generates queries is sendmail.
>> 
>> What can be done?
JH> I believe those messages are generated if the following sysctl flag is
JH> set:

JH> net.inet.udp.log_in_vain

JH> you can disable it by executing:

JH> sysctl net.inet.udp.log_in_vain=0

JH> on the commandline.

JH> Obviously, though, this will disable logging of all vain connection attempts using
JH> the UDP protocol.  However, if you have ipfw set up to log such attempts,
JH> you don't really need that sysctl flag set anyway.

JH> See also the TCP equivalent flag:

JH> net.inet.tcp.log_in_vain

JH> Also see the manpage for rc.conf(5) regarding the log_in_vain rc.conf
JH> setting.

Alex.
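The thread's underlying tension is that net.inet.udp.log_in_vain is all-or-nothing: a late DNS reply arriving after the resolver has closed its socket is logged in exactly the same form as a genuine unsolicited UDP probe. The script below is an added example, not code from the thread or from FreeBSD; it triages such kernel log lines by treating a packet from port 53 of a nameserver listed in resolv.conf, aimed at an ephemeral local port, as a probable late reply, and surfaces everything else for inspection. The log lines, the resolv.conf contents, the addresses, and the "ephemeral port means >= 1024" rule are constructed assumptions for the example.

```python
"""Triage FreeBSD net.inet.udp.log_in_vain messages.

Added example, not code from the mailing-list thread. It separates the
'Connection attempt to UDP ...' lines that are most plausibly late DNS
replies (source port 53 from a configured nameserver) from every other
unsolicited UDP packet, so the latter are not buried in DNS noise.
The log lines and the resolv.conf text below are constructed sample data.
"""
import re
from collections import Counter

# Constructed sample resolv.conf (domain and addresses are assumptions).
RESOLV_CONF = """\
domain example.net
nameserver 192.0.2.53
nameserver 198.51.100.2
"""

# Constructed sample kernel log lines in the format quoted in the thread.
SAMPLE_LOG = """\
Jan  9 07:11:31 host kernel: Connection attempt to UDP 203.0.113.10:49213 from 192.0.2.53:53
Jan  9 07:11:32 host kernel: Connection attempt to UDP 203.0.113.10:49214 from 198.51.100.2:53
Jan  9 07:12:05 host kernel: Connection attempt to UDP 203.0.113.10:137 from 203.0.113.77:1024
Jan  9 07:12:06 host kernel: Connection attempt to UDP 203.0.113.10:53 from 203.0.113.99:53
Jan  9 07:12:07 host sendmail[123]: something unrelated
"""

LINE_RE = re.compile(
    r"kernel: Connection attempt to UDP "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)


def nameservers(resolv_conf):
    """Return the set of nameserver addresses listed in a resolv.conf text."""
    servers = set()
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.add(parts[1])
    return servers


def classify(line, servers):
    """Classify one syslog line.

    Returns None for lines that are not log_in_vain UDP messages,
    'late-dns-reply' for packets from port 53 of a configured nameserver
    to an ephemeral local port, and 'unsolicited' for everything else.
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    from_ns = m.group("src") in servers and m.group("sport") == "53"
    # Assumption: resolver queries leave from ports >= 1024, so a packet
    # aimed at a low port (e.g. 53 or 137) was never a reply to our query.
    ephemeral_dst = int(m.group("dport")) >= 1024
    if from_ns and ephemeral_dst:
        return "late-dns-reply"
    return "unsolicited"


def triage(log_text, resolv_conf):
    """Count late DNS replies and collect the lines that deserve a look."""
    servers = nameservers(resolv_conf)
    counts = Counter()
    suspicious = []
    for line in log_text.splitlines():
        kind = classify(line, servers)
        if kind is None:
            continue
        counts[kind] += 1
        if kind == "unsolicited":
            suspicious.append(line)
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG, RESOLV_CONF)
    print(f"late DNS replies: {counts['late-dns-reply']}, "
          f"unsolicited: {counts['unsolicited']}")
    for line in suspicious:
        print("CHECK:", line)
```

Run against /var/log/messages with the system's real /etc/resolv.conf, this keeps log_in_vain enabled while reducing the DNS chatter to a count; a spoofed packet from port 53 of a non-nameserver address, or anything aimed at a well-known local port, still lands in the CHECK list.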