refresh: failure, after setting up new bind bind-9.2.0 server
Mark_Andrews at isc.org
Thu Apr 4 01:38:27 UTC 2002
> Alright, Again thank you for everyone's help.
>
> 1) I set up my bind servers to send replies on port 53. This seems to 'fix'
> things since the ISP in Washington blocks all UDP traffic above port 1024.
> (Having those packets blocked helps in the event of a DOS attack, but has
> been a pain in my butt)
>
> However, I still seem to have an issue. Learning TCPDUMP has been helpful.
> I'm now seeing the replies from our Master name server. But our syslog
> server on the Slave name server still receives time out messages, but
> thankfully nothing more. (Doesn't appear I'm getting the "giving up"
> message)
TCPDUMP sees the packets before they are processed by the
firewall (ipchains, ipfw, ipf) in the nameserver.
Also see transfer-source.
>
> Here is a snip of our log, and a corresponding snip of tcpdump. Maybe
> someone can see something I'm not.
>
> /var/log/messages
> ==============
> [SNIP]
> Apr 3 15:29:34 secure3 named[32402]: zone agourmet.com/IN: refresh: failure
> trying master 216.168.47.158#53: timed out
> Apr 3 15:29:47 secure3 named[32402]: zone dmlaw.org/IN: refresh: failure
> trying master 216.168.47.158#53: timed out
> Apr 3 15:29:55 secure3 named[32402]: zone depreztravel.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:30:10 secure3 named[32402]: zone depreztravel.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:30:43 secure3 named[32402]: zone dmaconsumerhelp.net/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:31:21 secure3 named[32402]: zone dearborn-mi.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:31:31 secure3 named[32402]: zone prservices.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:32:55 secure3 named[32402]: zone pharmacyconsultants.org/IN:
> refresh: failure trying master 216.168.47.158#53: timed out
> Apr 3 15:33:25 secure3 named[32402]: zone pr-factory.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:33:25 secure3 named[32402]: zone phoenixcommunication.com/IN:
> refresh: failure trying master 216.168.47.158#53: timed out
> Apr 3 15:35:15 secure3 named[32402]: zone 96.233.206.in-addr.arpa/IN:
> refresh: failure trying master 216.168.47.158#53: timed out
> Apr 3 15:35:42 secure3 named[32402]: zone buyland.com/IN: refresh: failure
> trying master 216.168.47.158#53: timed out
> Apr 3 15:36:08 secure3 named[32402]: zone dmalatinoamerica.org/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Apr 3 15:36:12 secure3 named[32402]: zone copycopycenter.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> [/SNIP]
>
> TCPDUMP
> ==========
> [SNIP]
> 15:34:37.584301 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 34956* 1/2/2 (167)
> 15:34:39.765509 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 50246 SOA? outletshoppingguide.com.
> (41) (DF)
> 15:34:39.844064 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 50246* 1/2/2 SOA[|domain]
> 15:34:40.415505 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 29013 SOA? apartments-slatkin.com.
> (40) (DF)
> 15:34:40.494508 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 29013* 1/2/2 SOA[|domain]
> 15:34:41.835504 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 8373 SOA? dmanetmarketing.com. (37)
> (DF)
> 15:34:41.914790 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 8373* 1/2/2 SOA[|domain]
> 15:34:43.235490 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 28269 SOA? nubianlovestyle.com. (37)
> (DF)
> 15:34:43.318617 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 28269* 1/2/2 SOA[|domain]
> 15:34:44.495490 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 42061 SOA? all-around-the-house.com.
> (42) (DF)
> 15:34:44.580552 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 42061* 1/2/2 SOA[|domain]
> 15:34:48.445525 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 63146 SOA? phomsopha.com. (31) (DF)
> 15:34:48.524026 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 63146* 1/2/2 SOA[|domain]
> 15:34:48.945549 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 64341 SOA? get-authenticity.com. (38)
> (DF)
> 15:34:49.041422 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 64341* 1/2/2 SOA[|domain]
> 15:34:49.375517 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 35336 SOA? amwamich.org. (30) (DF)
> 15:34:49.454870 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 35336* 1/2/2 SOA[|domain]
> 15:34:50.655491 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 17668 SOA? dmaconsumers.com. (34)
> (DF)
> 15:34:50.735649 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 17668* 1/2/2 SOA[|domain]
> 15:34:54.095507 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 37220 SOA? dmalistvision.com. (35)
> (DF)
> 15:34:54.173981 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 37220* 1/2/2 SOA[|domain]
> 15:34:59.585532 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 18610 SOA? aperfectgreen.com. (35)
> (DF)
> 15:34:59.664245 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 18610* 1/2/2 SOA[|domain]
> 15:35:00.095484 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 9305 SOA? 96.233.206.in-addr.arpa.
> (41) (DF)
> 15:35:01.885539 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 25873 SOA? cheapvacuums.com. (34)
> (DF)
> 15:35:01.964181 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 25873* 1/2/2 SOA[|domain]
> 15:35:08.145547 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 3173 SOA? depreztravel.com. (34) (DF)
> 15:35:08.225128 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 3173* 1/2/2 SOA[|domain]
> 15:35:08.645555 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 43504 SOA? dmaannual.org. (31) (DF)
> 15:35:08.724333 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 43504* 1/2/2 SOA[|domain]
> 15:35:09.295521 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 10771 SOA? newmandevelopment.com.
> (39) (DF)
> 15:35:09.406246 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 10771* 1/2/2 SOA[|domain]
> 15:35:09.805466 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 38825 SOA? dmapharmaceutical.com.
> (39) (DF)
> 15:35:09.883960 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 38825* 1/2/2 SOA[|domain]
> 15:35:10.965478 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 27451 SOA? thedma.org. (28) (DF)
> 15:35:11.044061 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 27451* 1/2/2 SOA[|domain]
> 15:35:14.915497 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 62163 SOA? dmacouncils.com. (33) (DF)
> 15:35:14.993918 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 62163* 1/2/2 SOA[|domain]
> 15:35:15.475785 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 27916 SOA? 96.233.206.in-addr.arpa.
> (41) (DF)
> 15:35:15.555629 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 27916* 1/2/2 SOA[|domain]
> 15:35:17.415494 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 46726 SOA? dmaconsumerhelp.net. (37)
> (DF)
> 15:35:17.494971 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 46726* 1/2/2 SOA[|domain]
> 15:35:22.585558 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 56131 SOA? dmaconsumerhelp.com. (37)
> (DF)
> 15:35:22.664758 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 56131* 1/2/2 SOA[|domain]
> 15:35:24.635530 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 40891 SOA? dmainteractive.com. (36)
> (DF)
> 15:35:24.723492 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 40891* 1/2/2 SOA[|domain]
> 15:35:26.145852 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 31491 SOA? directmailassociation.com.
> (43) (DF)
> 15:35:26.224576 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 31491* 1/2/2 (164)
> 15:35:27.615505 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 5029 SOA? buyland.com. (29) (DF)
> 15:35:29.465514 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 33354 SOA? americanbulkfood.com. (38)
> (DF)
> 15:35:29.545202 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 33354* 1/2/2 SOA[|domain]
> 15:35:34.795511 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 54541 SOA? wsuhousing.com. (32) (DF)
> 15:35:34.874347 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 54541* 1/2/2 SOA[|domain]
> 15:35:35.965502 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 17625 SOA? 52.69.209.in-addr.arpa.
> (40) (DF)
> 15:35:36.043822 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 17625* 1/2/2 SOA[|domain]
> 15:35:39.225502 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 39674 SOA? smartshopping.org. (35)
> (DF)
> 15:35:39.304363 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 39674* 1/2/2 SOA[|domain]
> 15:35:42.625593 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 9904 SOA? buyland.com. (29) (DF)
> 15:35:42.704590 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 9904* 1/2/2 SOA[|domain]
> 15:35:50.785523 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 51651 SOA?
> federationofnonprofits.org. (44) (DF)
> 15:35:50.864119 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 51651* 1/2/2 (168)
> 15:35:52.515530 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 1708 SOA? dmanetmarketing.org. (37)
> (DF)
> 15:35:52.594468 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 1708* 1/2/2 SOA[|domain]
> 15:35:53.025464 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 854 SOA? dmalatinoamerica.org. (38)
> (DF)
> 15:35:54.125502 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 16529 SOA? prservices.com. (32) (DF)
> 15:35:54.205243 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 16529* 1/2/2 SOA[|domain]
> 15:35:54.645512 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 46954 SOA? directmailassociation.org.
> (43) (DF)
> 15:35:54.731307 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 46954* 1/2/2 (167)
> 15:35:57.445765 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 60884 SOA? copycopycenter.com. (36)
> (DF)
> 15:35:59.665502 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 16026 SOA? americangourmet.com. (37)
> (DF)
> 15:35:59.744659 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 16026* 1/2/2 SOA[|domain]
> 15:36:01.157236 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 25323 SOA? dmapharmaceutical.org.
> (39) (DF)
> 15:36:01.236734 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 25323* 1/2/2 SOA[|domain]
> 15:36:01.985507 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 53308 SOA? help-u-sellrealty.com.
> (39) (DF)
> 15:36:02.092126 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 53308* 1/2/2 SOA[|domain]
> 15:36:02.495518 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 30269 SOA? 130.69.209.in-addr.arpa.
> (41) (DF)
> 15:36:02.573899 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 30269* 1/2/2 SOA[|domain]
> 15:36:08.035596 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 57602 SOA? dmalatinoamerica.org. (38)
> (DF)
> 15:36:08.115509 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 57602* 1/2/2 SOA[|domain]
> 15:36:10.935533 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 28801 SOA? cybersavvy.org. (32) (DF)
> 15:36:11.014267 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 28801* 1/2/2 SOA[|domain]
> 15:36:12.455560 secure3.annis.com.domain >
> ip-216.168.47.colo.forest.net.domain: 49455 SOA? copycopycenter.com. (36)
> (DF)
> 15:36:12.534867 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.domain: 49455* 1/2/2 SOA[|domain]
> [/SNIP]
>
>
> Thank you again!!
>
> -Brett
>
>
>
> "Barry Margolin" <barmar at genuity.net> wrote in message
> news:a8a9rt$9d0 at pub3.rc.vix.com...
> > In article <a8a5sa$7f9 at pub3.rc.vix.com>,
> > Brett A. Hansen <brett at annis.com> wrote:
> > >Yes it does appear things are being blocked. Our ISP has been known to
> > >block almost all UDP packets above 1024. This has caused us issues with
> > >TFTP in the past. How do I set up BIND so the UDP replies occur on a
> > >specified port? Is this possible?
> >
> > The option 'query-source * port 53;' will force queries to be sent out
> > with source port 53.
> >
> > --
> > Barry Margolin, barmar at genuity.net
> > Genuity, Woburn, MA
> > *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> > Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
> >
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
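
Added example, not part of the original post: one way to read a capture like the one quoted above is to pair each SOA query with its reply by DNS query ID and list the queries that never got one, so their timestamps can be compared with the "timed out" entries in syslog. The sample lines are taken from the quoted capture with the mail wrapping undone; the function name and regular expressions are this example's own.

```python
import re

# Lines taken from the tcpdump capture quoted above, with the mail wrapping undone.
CAPTURE = """\
15:35:00.095484 secure3.annis.com.domain > ip-216.168.47.colo.forest.net.domain: 9305 SOA? 96.233.206.in-addr.arpa. (41) (DF)
15:35:01.885539 secure3.annis.com.domain > ip-216.168.47.colo.forest.net.domain: 25873 SOA? cheapvacuums.com. (34) (DF)
15:35:01.964181 ip-216.168.47.colo.forest.net.domain > secure3.annis.com.domain: 25873* 1/2/2 SOA[|domain]
15:35:15.475785 secure3.annis.com.domain > ip-216.168.47.colo.forest.net.domain: 27916 SOA? 96.233.206.in-addr.arpa. (41) (DF)
15:35:15.555629 ip-216.168.47.colo.forest.net.domain > secure3.annis.com.domain: 27916* 1/2/2 SOA[|domain]
"""

# Common prefix: timestamp, source, destination, query ID plus optional flag characters.
HEAD = r"^(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\S* "
QUERY = re.compile(HEAD + r"(?P<qtype>\w+)\? (?P<name>\S+)")  # e.g. "9305 SOA? zone."
REPLY = re.compile(HEAD + r"\d+/\d+/\d+")                     # e.g. "25873* 1/2/2"


def unanswered(capture):
    """Return (time, id, qtype, name) for each query with no matching reply."""
    pending = {}  # (client, server, id) -> query details
    for line in capture.splitlines():
        q = QUERY.match(line)
        if q:
            key = (q["src"], q["dst"], q["id"])
            pending[key] = (q["ts"], q["id"], q["qtype"], q["name"])
            continue
        r = REPLY.match(line)
        if r:
            # A reply travels server -> client, so swap the endpoints.
            pending.pop((r["dst"], r["src"], r["id"]), None)
    return sorted(pending.values())


if __name__ == "__main__":
    for ts, qid, qtype, name in unanswered(CAPTURE):
        print(f"{ts} id={qid} {qtype}? {name} : no reply in capture")
```

A query listed here had no reply on the wire at all; a query that is not listed can still time out in named if a local packet filter drops the reply after tcpdump has seen it, which is the case the reply above describes.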