Date:      Fri, 18 Apr 2003 15:17:51 -0700 (PDT)
From:      Oleg Polyakov <opolyakov@yahoo.com>
To:        freebsd-net@freebsd.org
Subject:   Re: BIND-8/9 interface bug? Or is it FreeBSD?
Message-ID:  <20030418221751.69748.qmail@web10402.mail.yahoo.com>
In-Reply-To: <20030418201645.GA77986@parodius.com>


--- Jeremy Chadwick <freebsd@jdc.parodius.com> wrote:
> Oleg:
> 
>         I tried your recommendation of commenting out the transfer-source
>         line, and within a few moments of running this:
> 
> ipfw zero 1005 && ndc stop && /usr/sbin/named -u bind -g bind
> 
>         ...saw the following in our security syslog:
> 
> Apr 18 13:11:09 pentarou /kernel: ipfw: Entry 1005 cleared.
> Apr 18 13:11:33 pentarou /kernel: ipfw: 1005 Deny UDP 10.0.0.1:53
> 64.71.184.190:53 out via fxp0
> Apr 18 13:12:04 pentarou last message repeated 5 times
> 
>         ...and our named syslog:
> 
> Apr 18 13:11:33 pentarou named[77949]: ns_req: sendto([64.71.184.190].53):
> Permission denied
> 
>         So, it doesn't look like that's the offender.  :-)
> 
>         By the way, something I didn't cover: 64.71.184.190 is our
>         secondary nameserver's WAN IP.  It's private is 10.0.0.2.
Possibly it's asymmetric traffic. The UDP query comes from that secondary through
fxp1 and the reply goes out through fxp0 and gets filtered out. Just run
tcpdump -i fxp1 udp port 53
and check whether there is anything unusual, such as packets from 64.71.184.190.

>         I'm still wondering why tcpdump isn't catching the I/O...
I believe tcpdump catches everything after IPFW - you have to open the
firewall to check what those packets are...
 
> -- 
> | Jeremy Chadwick                                   jdc@parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.                            |
> 
> On Fri, Apr 18, 2003 at 01:09:36PM -0700, Oleg Polyakov wrote:
> > You may want to comment out line:
> > //         transfer-source 10.0.0.1;
> > 
> > Transfers to 10.0.0.0 should choose address 10.0.0.1 automagically.
> > Transfers elsewhere should use zone-relevant transfer-source option.
> > 

=== message truncated ===
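The thread turns on two things that are easier to see with the log lines in structured form: how many sends rule 1005 actually blocked once syslog's "last message repeated N times" is expanded (each one is a sendto() in named failing with "Permission denied"), and whether the secondary's traffic arrives on one interface and leaves on another, which is the asymmetric-routing pattern Oleg suggests. The following script is an added example, not code from the thread or from FreeBSD; the log lines are constructed after the ones quoted above, and the "900 Accept ... in via fxp1" line is a hypothetical inbound query added only to show what the asymmetric case would look like.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample syslog lines, modelled on the ipfw entries quoted in the thread.
# The "900 Accept ... in via fxp1" line is hypothetical: it is what an inbound query
# from the secondary would look like if it arrived on fxp1 while replies leave on fxp0.
SECURITY_LOG = """\
Apr 18 13:11:09 pentarou /kernel: ipfw: Entry 1005 cleared.
Apr 18 13:11:32 pentarou /kernel: ipfw: 900 Accept UDP 64.71.184.190:53 10.0.0.1:53 in via fxp1
Apr 18 13:11:33 pentarou /kernel: ipfw: 1005 Deny UDP 10.0.0.1:53 64.71.184.190:53 out via fxp0
Apr 18 13:12:04 pentarou last message repeated 5 times
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
IPFW_RE = re.compile(
    TS + r"/kernel: ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)
REPEAT_RE = re.compile(TS + r"last message repeated (?P<n>\d+) times$")


@dataclass(frozen=True)
class IpfwEvent:
    rule: int
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" or "out"
    iface: str

    @property
    def peer(self) -> str:
        # The remote host: source of an inbound packet, destination of an outbound one.
        return self.src if self.direction == "in" else self.dst


def parse_ipfw_log(text: str) -> list:
    """Parse ipfw syslog lines into events, expanding syslog's
    'last message repeated N times' into N copies of the preceding event."""
    events, last = [], None
    for line in text.splitlines():
        m = IPFW_RE.match(line)
        if m:
            last = IpfwEvent(int(m["rule"]), m["action"], m["proto"],
                             m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                             m["dir"], m["iface"])
            events.append(last)
            continue
        r = REPEAT_RE.match(line)
        if r and last is not None:
            events.extend([last] * int(r["n"]))
    return events


def denied_dns_egress(events, dns_port: int = 53) -> Counter:
    """Count outbound packets from the local DNS port that the firewall denied,
    keyed by (peer, egress interface). Each corresponds to one sendto() in named
    failing with EACCES, logged as 'Permission denied'."""
    c = Counter()
    for ev in events:
        if ev.action.lower() == "deny" and ev.direction == "out" and ev.sport == dns_port:
            c[(ev.peer, ev.iface)] += 1
    return c


def asymmetric_peers(events) -> dict:
    """Return {peer: (inbound_ifaces, outbound_ifaces)} for peers whose traffic
    enters on one interface and leaves on a different one. That is the pattern to
    confirm with tcpdump on the inbound interface before touching the rule set:
    the fix is a routing or per-interface rule change, not a wider firewall hole."""
    seen = defaultdict(lambda: (set(), set()))
    for ev in events:
        seen[ev.peer][0 if ev.direction == "in" else 1].add(ev.iface)
    return {p: (i, o) for p, (i, o) in seen.items() if i and o and i != o}


if __name__ == "__main__":
    evs = parse_ipfw_log(SECURITY_LOG)
    print(f"{len(evs)} events after expanding repeats")
    for (peer, iface), n in denied_dns_egress(evs).items():
        print(f"{n} denied DNS packets to {peer} out via {iface}")
    for peer, (i, o) in asymmetric_peers(evs).items():
        print(f"{peer}: in via {sorted(i)}, out via {sorted(o)} -> check routing")
```

On the constructed input this reports 7 events (the single Deny line plus its 5 repeats and the hypothetical Accept), 6 denied DNS packets to 64.71.184.190 out via fxp0, and flags that peer as entering on fxp1 but leaving on fxp0. Because ipfw logs the egress interface and tcpdump on FreeBSD only sees outbound packets after the firewall has passed them, the deny log is the more reliable record of what was blocked and where.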

