are these BIND errors....
Gary Kline
kline at ns1.thought.org
Thu Jun 28 23:08:31 UTC 2001
On Fri, Jun 29, 2001 at 12:11:15AM +0200, Brad Knowles wrote:
> At 11:53 AM -0700 6/28/01, Gary Kline wrote:
>
> > I just upgraded to FreeBSD 4.3. In named.conf, I have lots of
> > logging {} categories set. Probably these attempt messages are
> > coming from there. I haven't grep'd thru the BIND9 code...
> > yet.
>
> This isn't named logging anything. It's the kernel -- that's why
> the tag in the log file is "/kernel". What you've done is configured
> the system to log an error message for connection attempts on ports
> that are not being listened on. This is a standard feature of
> FreeBSD.
>
> From the man page on rc.conf(5) at
> <http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5>:
>
>
> log_in_vain (bool) Set to NO by default. Setting to YES will enable
> logging of connection attempts to ports that have no lis-
> tening socket on them.
>
I think this hits the nail square on its head! Just 20 seconds
before I read your mail, I commented out my ^log_in_vain=YES
entry in /etc/rc.conf.
When I first jumped into BIND and running my own nameserver, *etc*,
a friend suggested that the ``log_in_vain'' entry would let me
track all the would be crackers. Before a few months ago I was
snug and secure behind my worksite's firewall... then, security
wasn't an issue. Security is very much an issue and I'm still
on the edge of a learning curve. Thanks to this list and newsgroup,
the curve is evening out.
thanks to everybody here,
-gary
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> /* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
> /* Represented as 1045 digit prime number by Phil Carmody */
> /* Prime as DNS cname chain by Roy Arends and Walter Belgers */
> /* */
> /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
> /* where title-key = "153 2 8 105 225" or other similar 5-byte key */
>
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
--
Gary D. Kline kline at thought.org www.thought.org Public service Unix
More information about the bind-users
mailing list