From owner-freebsd-questions@FreeBSD.ORG Mon Sep 29 14:41:22 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 478A216A4C0 for ; Mon, 29 Sep 2003 14:41:22 -0700 (PDT) Received: from kirk.dlee.org (pool-138-88-48-76.res.east.verizon.net [138.88.48.76]) by mx1.FreeBSD.org (Postfix) with ESMTP id 12DAE43FA3 for ; Mon, 29 Sep 2003 14:41:21 -0700 (PDT) (envelope-from dgl@kirk.dlee.org) Received: from kirk.dlee.org (dgl@localhost.dlee.org [127.0.0.1]) by kirk.dlee.org (8.12.9/8.12.9) with ESMTP id h8TLfHX9073237; Mon, 29 Sep 2003 17:41:17 -0400 (EDT) (envelope-from dgl@kirk.dlee.org) Received: (from dgl@localhost) by kirk.dlee.org (8.12.9/8.12.9/Submit) id h8TLfGVT073236; Mon, 29 Sep 2003 17:41:16 -0400 (EDT) (envelope-from dgl) Date: Mon, 29 Sep 2003 17:41:15 -0400 From: Doug Lee To: freebsd-questions@freebsd.org Message-ID: <20030929214115.GH13983@kirk.dlee.org> Mail-Followup-To: Doug Lee , freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Bartimaeus Group User-Agent: Mutt/1.5.4i Subject: Why did named start sending UDP to 127.0.0.2:53 out my external interface? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2003 21:41:22 -0000 I have two FreeBSD 4.8-Stable boxen connected by a VPN (mpd) which, at just after 5 this morning and about five minutes apart, started generating ipfw logs like this: Sep 29 05:02:35 kirk /kernel: ipfw: 200 Deny UDP : 127.0.0.2:53 out via matches the UDP *:port binding of named, so I figure named is doing this (besides it being port 53). I shut down and restarted named on one box only to have it start the same behavior inside four minutes again. I then shut down the VPN link and then restarted named again (on the same box), and BOTH boxes stopped doing this. Funny thing though: The box on which I shut down named was about five minutes later than the other box at starting all this in the first place. Any ideas? I particularly don't know why named suddenly took interest in using address 127.0.0.2, besides wondering what triggered both boxes almost at once and why shutting down the connection stopped the problem in both places even though timestamps seem to point to the problem originating at the other end of the link from where I restarted named... -- Doug Lee dgl@dlee.org http://www.dlee.org Bartimaeus Group doug@bartsite.com http://www.bartsite.com "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' ('I found it!') but rather 'hmm.... that's funny...'" -- Isaac Asimov