DNS problem

Kenneth W Cochran kwc at TheWorld.com
Mon Feb 2 08:05:05 PST 2004


>Date: Sun, 1 Feb 2004 12:36:27 -0800 (PST)
>From: Don Lewis <truckman at freebsd.org>
>To: kovacspeter2 at freemail.hu
>Cc: freebsd-stable at freebsd.org
>Subject: Re: DNS problem
>
>On  1 Feb, Kovács Péter wrote:
>> Hello,
>>
>>> Which server in your organization is acting as a DNS
>>> server?
>> The Windows...
>>
>>> If you only have one network card in your FreeBSD box...
>> Yes, I only have one.
>>
>>> This could be why you only see this kind of traffic with one IP address.
>> Is there a way to fix this?
>
>Something on your FreeBSD box is sending DNS queries to your Windows box
>and is timing out its query and closing the socket it used to send the
>query before the Windows box returns its response.  Because you have
>net.inet.udp.log_in_vain enabled, your FreeBSD box logs the arrival of
>the DNS response packet because there is not a UDP socket listening on
>the port that the response is being returned to.
>
>About all you can do to turn off these messages is to turn off
>udp.log_in_vain.  As a substitute you could log unexpected packets using
>one of the firewall packages on FreeBSD, which would allow you to ignore
>packets coming from port 53 on your DNS server.

I get similar messages, viz:

Feb  2 09:16:59 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3826 from 192.168.0.1:53
Feb  2 09:17:39 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3827 from 192.168.0.1:53
Feb  2 09:20:28 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3853 from 192.168.0.1:53
Feb  2 09:20:33 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3854 from 192.168.0.1:53
Feb  2 09:20:43 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3855 from 192.168.0.1:53
Feb  2 09:21:01 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3856 from 192.168.0.1:53

Sysctl log_in_vain is set for both tcp & udp.

It has been like this for ages and so far I can find
neither an explanation as to why, nor a way to fix it
(assuming it is some kind of breakage/misconfiguration).
OS is 4.9-stable as of 15 January, 2004.

There is indeed a Windows box at 192.168.0.2, but DNS is on
the FreeBSD machine, configured as cache-only (supposedly;
could be something not quite correct in that config...)

There are 2 network interfaces and the syslog indicates
(I think correctly) named listening on both of them when it
starts.  192.168.0/24 is on an internal interface/network;
the external interface gets its ip-address from the ISP
via DHCP.

What I'd like to do is 1. fix any errors/misconfigurations
that might be causing those messages and 2. keep the
cache-only nameserver, and have it run/query efficiently.

Any ideas/suggestions/suggested reading?

Thanks,

-kc
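
Added example, not part of the original thread: the quoted reply suggests ignoring packets from port 53 on the DNS server while still logging other unexpected traffic; this sketch applies that same rule as a post-filter over log_in_vain lines instead of a firewall rule. The function names, the resolver set and the last three sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message format of FreeBSD's log_in_vain kernel log entries, as quoted above.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) "
    r"from (?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)

def classify(lines, resolvers):
    """Return (late_dns, other) lists of parsed log_in_vain entries.

    An entry counts as a late DNS reply only if it is UDP, comes from source
    port 53 AND from an address in `resolvers` (the servers this host
    queries). Port 53 from any other address stays in `other`.
    """
    late_dns, other = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a log_in_vain entry
        e = m.groupdict()
        late = e["proto"] == "UDP" and e["src_port"] == "53" and e["src_ip"] in resolvers
        (late_dns if late else other).append(e)
    return late_dns, other

def sources(entries):
    """Count entries per (protocol, source address) for a short summary."""
    return Counter((e["proto"], e["src_ip"]) for e in entries)

# First two lines are from the message above; the last three are constructed.
SAMPLE = """\
Feb  2 09:16:59 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3826 from 192.168.0.1:53
Feb  2 09:17:39 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3827 from 192.168.0.1:53
Feb  2 09:18:02 <kern.info> localhost /kernel: Connection attempt to UDP 192.168.0.1:3830 from 203.0.113.7:53
Feb  2 09:18:40 <kern.info> localhost /kernel: Connection attempt to TCP 192.168.0.1:23 from 192.168.0.2:4012
Feb  2 09:19:00 <kern.info> localhost named[84]: starting
""".splitlines()

if __name__ == "__main__":
    late_dns, other = classify(SAMPLE, resolvers={"192.168.0.1"})
    print("late DNS replies:", dict(sources(late_dns)))
    print("still worth reviewing:", dict(sources(other)))
```

Matching on source port 53 alone would also hide packets from any host that picks 53 as its source port, which is why the resolver address is part of the test.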

