some service is causing DNS query and therefore dial out

DJ Boris dj_boris at mail.ru
Wed Apr 23 16:00:35 PDT 2003 

here is what "lsof -i" shows

COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
syslogd   63 root    4u  IPv6 0xc5d47ec0      0t0  UDP *:syslog
syslogd   63 root    5u  IPv4 0xc5d47e00      0t0  UDP *:syslog
named     66 root    4u  IPv4 0xc5d47d40      0t0  UDP *:rplay
named     66 root   20u  IPv4 0xc5d47c80      0t0  UDP fbsd.xx.xx:domain
named     66 root   21u  IPv4 0xc5d78d80      0t0  TCP fbsd.xx.xx:domain
(LISTEN)
inetd     72 root    4u  IPv4 0xc5d79e80      0t0  TCP *:ftp (LISTEN)
inetd     72 root    5u  IPv4 0xc5d79c60      0t0  TCP *:pop3 (LISTEN)
inetd     72 root    6u  IPv4 0xc5d79a40      0t0  TCP *:netbios-ssn
(LISTEN)
inetd     72 root    7u  IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
inetd     72 root    8u  IPv4 0xc5d79820      0t0  TCP *:swat (LISTEN)
sshd      76 root    3u  IPv4 0xc5d79600      0t0  TCP fbsd..xx.xx:ssh
(LISTEN)
sshd      79 root    4u  IPv4 0xc5d793e0      0t0  TCP
fbsd..xx.xx:ssh->d.xx.xx:3443 (ESTABLISHED)
sendmail 107 root    3u  IPv4 0xc5d791c0      0t0  TCP *:smtp (LISTEN)
sendmail 107 root    5u  IPv4 0xc5d7ad60      0t0  TCP *:submission (LISTEN)
nmbd     159 root    0u  IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
nmbd     159 root    1u  IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
nmbd     159 root    6u  IPv4 0xc5d47b00      0t0  UDP *:netbios-dgm

what is "rplay" - what worries me is that it is named itself....

here is my named.conf
========================
logging {

channel update_debug {

file "/var/log/update-debug.log";

severity debug 3;

print-category yes;

print-severity yes;

print-time yes;

};

channel security_info {

file "/var/log/named-auth.info";

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category update { update_debug; };

category security { security_info; };

};

options {

directory "/etc/namedb";

version "";

forward only;

forwarders {

xxx.xxx.xxx.xxx;

xxx.xxx.xxx.xxx;

};

notify no;

suppress-initial-notify yes;

listen-on {

192.168.0.1;

};

heartbeat-interval 0;

query-source address * port 5555;

};

key DHCP_UPDATER {

algorithm xxxxxxxxxxxxxxxxxx;

secret xxxxxxxxxxxxxxxxxxxxx;

};

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

dialup yes;

};

zone "localhost" {

type master;

file "localhost.zone";

dialup yes;

};

zone "xxx.xxx.xxx" {

type master;

file "xxx.xxx.xxx";

allow-update { key DHCP_UPDATER; };

dialup yes;

};

zone "0.168.192.in-addr.arpa" {

type master;

file "0.168.192.rev";

allow-update { key DHCP_UPDATER; };

dialup yes;

};

========================================
----- Original Message -----
From: "Philip Hallstrom" <philip at adhesivemedia.com>
To: "DJ Boris" <dj_boris at mail.ru>
Cc: "freebsd-questions" <freebsd-questions at freebsd.org>
Sent: Thursday, April 24, 2003 12:27 AM
Subject: Re: some service is causing DNS query and therefore dial out


> Install the lsof port and then run "lsof -i"  although be sure to tell it
> not to resolve ip addresses otherwise it will cause a dial out :)
>
>
> this might help track it down...
>
> -philip
>
> On Thu, 24 Apr 2003, DJ Boris wrote:
>
> > hi there,
> >
> > I am having a problem tracking down "something" that triggers a dial out
on
> > my
> >
> > FreeBSD 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Oct  9 15:08:34 GMT 2002
> > root at builder.freebsdmall.com:/usr/obj/usr/src/sys/GENERIC  i386
> >
> > It is somethign trying to do a DNS query
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP:
> > xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78)
> >
> >
> > I have sendmail but I have removed the "-q" flag so I only call that
from
> > ppp.linkup file. how can I track down what this service is? can anyone
give
> > me any ideas? this server is alone on the LAN at the moment?
> >
> > I have a DNS server running but I have heartbeat-interval set to 0.
> >
> > I have spent hours looking through the logs and tracking the times but I
> > don't seem to be able to identify what is causing this.
> >
> > can someone help me out here? what conf files do I need to give you?
> >
> > thanx a lot
> >
> > DJ Boris
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
> >
>

More information about the freebsd-questions mailing list