Problem with DNS (UDP) queries
freebsd at tern.ru
freebsd at tern.ru
Fri Jan 9 07:11:31 PST 2004
Yes, I had thought about what you wrote.
Because of this I mentioned that 'I do not want to turn off the "log
in vain" feature.'
To be honest I'd like to fix the reason of the problem not just its
look. I need to make resolver wait for the reply (any including
negative). As I understand resolver functionality is inbuilt into the
libraries including all timeout constants. But I hope that this can be
changed/tuned somehow using sysctl or maybe some other variables.
If this can be fixed in CVS it would be a great solution. But changing
the source on my local system and check the changes again every time I
download something from CVS is not suitable solution.
Anyway, thank you for your reply.
JH> On Fri, Jan 09, 2004 at 05:32:20PM +0300, freebsd at tern.ru wrote:
>> Hi all
>> I am trying to get rid of strings:
>> kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
>> on my console and in log file
>> I understand that those are replies on DNS queries that for some reason
>> took too long time to be answered.
>> I do not want to turn off the "log in vain" feature.
>> As these strings fill up my log I am afraid to miss some sensitive
>> messages (e.g. hacker's attack :)
>> I'm using FreeBSD 5.1 with ipfw2 that allows via static rules both
>> DNS queries and DNS replies.
>> The main application that generates queries is sendmail.
>> What can be done?
JH> I believe those messages are generated if the following sysctl flag is
JH> you can disable it by executing:
JH> sysctl net.inet.udp.log_in_vain=0
JH> on the commandline.
JH> Obviously though this will disable logging of all vain connection attempts using
JH> the udp protocol. However if you have ipfw set up to log such attempts,
JH> you don't really need that sysctl flag set anyway.
JH> See also the tcp equivalant flag:
JH> also see the manpage for rc.conf(5) regarding the log_in_vain rc.conf
More information about the freebsd-security