Date: Thu, 24 Apr 2003 01:00:24 +0200
From: "DJ Boris" <dj_boris@mail.ru>
To: "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject: Re: some service is causing DNS query and therefore dial out
Message-ID: <017901c309ec$205fb1a0$6300a8c0@d>
References: <012501c309e6$23c2e890$6300a8c0@d> <20030423152619.U9680@tigger.alkinetworks.com>

here is what "lsof -i" shows

COMMAND  PID USER FD  TYPE DEVICE     SIZE/OFF NODE NAME
syslogd   63 root  4u IPv6 0xc5d47ec0      0t0  UDP *:syslog
syslogd   63 root  5u IPv4 0xc5d47e00      0t0  UDP *:syslog
named     66 root  4u IPv4 0xc5d47d40      0t0  UDP *:rplay
named     66 root 20u IPv4 0xc5d47c80      0t0  UDP fbsd.xx.xx:domain
named     66 root 21u IPv4 0xc5d78d80      0t0  TCP fbsd.xx.xx:domain (LISTEN)
inetd     72 root  4u IPv4 0xc5d79e80      0t0  TCP *:ftp (LISTEN)
inetd     72 root  5u IPv4 0xc5d79c60      0t0  TCP *:pop3 (LISTEN)
inetd     72 root  6u IPv4 0xc5d79a40      0t0  TCP *:netbios-ssn (LISTEN)
inetd     72 root  7u IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
inetd     72 root  8u IPv4 0xc5d79820      0t0  TCP *:swat (LISTEN)
sshd      76 root  3u IPv4 0xc5d79600      0t0  TCP fbsd..xx.xx:ssh (LISTEN)
sshd      79 root  4u IPv4 0xc5d793e0      0t0  TCP fbsd..xx.xx:ssh->d.xx.xx:3443 (ESTABLISHED)
sendmail 107 root  3u IPv4 0xc5d791c0      0t0  TCP *:smtp (LISTEN)
sendmail 107 root  5u IPv4 0xc5d7ad60      0t0  TCP *:submission (LISTEN)
nmbd     159 root  0u IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
nmbd     159 root  1u IPv4 0xc5d47bc0      0t0  UDP *:netbios-ns
nmbd     159 root  6u IPv4 0xc5d47b00      0t0  UDP *:netbios-dgm

what is "rplay" - what worries me is that it is named itself....

here is my named.conf
========================
logging {
    channel update_debug {
        file "/var/log/update-debug.log";
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/named-auth.info";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category update { update_debug; };
    category security { security_info; };
};

options {
    directory "/etc/namedb";
    version "";
    forward only;
    forwarders {
        xxx.xxx.xxx.xxx;
        xxx.xxx.xxx.xxx;
    };
    notify no;
    suppress-initial-notify yes;
    listen-on { 192.168.0.1; };
    heartbeat-interval 0;
    query-source address * port 5555;
};

key DHCP_UPDATER {
    algorithm xxxxxxxxxxxxxxxxxx;
    secret xxxxxxxxxxxxxxxxxxxxx;
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
    dialup yes;
};

zone "localhost" {
    type master;
    file "localhost.zone";
    dialup yes;
};

zone "xxx.xxx.xxx" {
    type master;
    file "xxx.xxx.xxx";
    allow-update { key DHCP_UPDATER; };
    dialup yes;
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "0.168.192.rev";
    allow-update { key DHCP_UPDATER; };
    dialup yes;
};
========================================

----- Original Message -----
From: "Philip Hallstrom" <philip@adhesivemedia.com>
To: "DJ Boris" <dj_boris@mail.ru>
Cc: "freebsd-questions" <freebsd-questions@freebsd.org>
Sent: Thursday, April 24, 2003 12:27 AM
Subject: Re: some service is causing DNS query and therefore dial out

> Install the lsof port and then run "lsof -i" although be sure to tell it
> not to resolve ip addresses otherwise it will cause a dial out :)
>
>
> this might help track it down...
>
> -philip
>
> On Thu, 24 Apr 2003, DJ Boris wrote:
>
> > hi there,
> >
> > I am having a problem tracking down "something" that triggers a dial out on my
> >
> > FreeBSD 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Oct 9 15:08:34 GMT 2002
> > root@builder.freebsdmall.com:/usr/obj/usr/src/sys/GENERIC i386
> >
> > It is something trying to do a DNS query
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (44/72)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (39/67)
> >
> > Apr 24 00:01:42 fbsd ppp[45]: tun0: TCP/IP: OUT UDP: xxx.xxx.xxx.xxx:1040 ---> xxx.xxx.xxx.xxx:53 (50/78)
> >
> >
> > I have sendmail but I have removed the "-q" flag so I only call that from
> > ppp.linkup file. how can I track down what this service is? can anyone give
> > me any ideas? this server is alone on the LAN at the moment?
> >
> > I have a DNS server running but I have heartbeat-interval set to 0.
> >
> > I have spent hours looking through the logs and tracking the times but I
> > don't seem to be able to identify what is causing this.
> >
> > can someone help me out here? what conf files do I need to give you?
> >
> > thanx a lot
> >
> > DJ Boris
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> >
>