DNS local problem (query loop)
Nicolas LIENARD
nlienard at fr.colt.net
Sun Jan 2 15:04:58 UTC 2005
Hi,
OS: FreeBSD 5.3, with named running inside a jail.
BIND: 9.3.0 (no chroot -- although note that the `ps` output further down shows named started with `-t /var/named`, which is BIND's chroot option, so the two statements disagree)
HOST: 192.168.1.1 (ANUBIS)
DNS JAIL IP: 192.168.1.2 (THOT)
Everything works fine, but I see something strange in the logs.
When I enabled query logging (`rndc querylog`), the server turned out to be receiving a continuous stream of identical queries from its own address (each one from a different high source port, with recursion requested -- the trailing `+`):
[...]
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63917: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65331: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#49792: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#51018: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63537: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#62296: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#52123: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#53431: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63788: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#59672: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#57211: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65058: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#56968: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#52403: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#55472: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#59002: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65469: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#51115: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
[...]
anubis# grep "view internal: query: 2.1.168.192.in-addr.arpa" /var/log/all.log | wc -l
1272808
:-((
Querying the record directly with dig works fine (note the `aa` flag: this server answers authoritatively, it does not need to recurse for it):
thot# dig 2.1.168.192.in-addr.arpa PTR
; <<>> DiG 9.3.0 <<>> 2.1.168.192.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10916
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;2.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.1.168.192.in-addr.arpa. 3600 IN PTR thot.crystunix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.coltfrance.com.
1.168.192.in-addr.arpa. 3600 IN NS ns0.crystunix.com.
1.168.192.in-addr.arpa. 3600 IN NS ns0.coltfrance.com.
;; ADDITIONAL SECTION:
ns0.crystunix.com. 600 IN A 192.168.1.2
ns0.coltfrance.com. 170896 IN A 195.68.0.11
ns1.coltfrance.com. 170896 IN A 195.68.0.12
;; Query time: 76 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Sun Jan 2 15:45:05 2005
;; MSG SIZE rcvd: 187
My reverse zone:
thot# cat /etc/namedb/internal/rev/1.168.192.in-addr.arpa.db
$TTL 3600
; Reverse zone for 192.168.1.0/24; loaded only in the "internal" view of named.conf.
; SOA RNAME: "thot.crystunix.com." is read by resolvers as the mailbox thot@crystunix.com
; (a hostname is being used where a contact mailbox is expected) -- confirm it is deliverable;
; hostmaster.crystunix.com. is the conventional choice.
@ IN SOA ns0.crystunix.com. thot.crystunix.com. (
2004042605 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
; ns0.crystunix.com is this server (192.168.1.2, per the dig ADDITIONAL section above).
; ns0/ns1.coltfrance.com resolve to 195.68.0.11/.12, which are not in the "home" ACL, so they
; land in the "internet" view, which does not carry this zone; they can only be authoritative
; for it if they obtain it some other way -- TODO confirm, otherwise these NS records are lame.
IN NS ns0.crystunix.com.
IN NS ns0.coltfrance.com.
IN NS ns1.coltfrance.com.
1 IN PTR seth-gw.crystunix.com.
2 IN PTR thot.crystunix.com.
5 IN PTR andi.crystunix.com.
20 IN PTR portable.crystunix.com.
I use two views: one for the local network and one for the Internet.
Only the local ("internal") view allows recursion.
The crystunix.com zone is served from two different zone files: the "internet" view returns the public IP addresses and the "internal" view returns the private (RFC 1918) ones.
My configuration (named.conf):
###############################
## ACL #####
##############################
// Clients that are given the "internal" view (private addresses, recursion).
// Note that one public block, 195.68.88.112/29, is trusted alongside the RFC 1918 ranges:
// hosts there receive RFC 1918 answers and may recurse through this server.
// "localhost" inside the jail covers the jail's own address, 192.168.1.2, which is in any
// case already inside 192.168.1.0/24 -- so named's own outbound queries, if any ever
// return to this server, match this ACL too.
acl home {
localhost;
192.168.1.0/24;
192.168.2.0/24;
192.168.3.0/24;
10.0.0.0/24;
195.68.88.112/29;
};
// Not referenced anywhere in the configuration as posted (defined but unused).
acl gok {
82.66.146.120/32;
};
// Not referenced anywhere in the configuration as posted (defined but unused).
acl tayo {
213.56.44.210/32;
};
// This server's own (jail) address. Not referenced anywhere in the configuration as posted.
acl thot {
192.168.1.2/32;
};
###################################
####### OPTIONS ##########
###################################
options {
directory "/etc/namedb";
// Hides the real BIND version from version.bind CHAOS queries (obscurity only, not a control).
version "THOT Server";
pid-file "/var/run/named/pid";
// Outbound (forwarded/recursive) queries leave from the jail address with a random source
// port. Anything that makes named query itself would therefore show up in the query log as
// "client 192.168.1.2#<random port>" -- but so would any other process in the jail, since
// 192.168.1.2 is the jail's only address.
query-source address 192.168.1.2 port *;
listen-on port 53 { 192.168.1.2; };
datasize default;
stacksize default;
coresize default;
files unlimited;
notify yes;
// Sets the AA bit on NXDOMAIN answers even when not authoritative for the name; harmless
// for modern resolvers but no longer needed.
auth-nxdomain yes;
lame-ttl 444;
// one-answer is the slow, pre-BIND-8 compatible transfer format; only needed if a
// secondary cannot handle many-answers.
transfer-format one-answer;
cleaning-interval 60;
interface-interval 60;
transfers-in 20;
transfers-per-ns 10;
transfers-out 10;
// Minutes; an inbound AXFR that takes longer is aborted.
max-transfer-time-in 4;
// NOTE(review): no global allow-transfer / allow-recursion here. BIND 9.3's default for
// allow-transfer is "any", so every view or zone that does not set it -- the "internal"
// view below does not -- is transferable by any client that can query it.
};
#####################################
#### RNDC KEY CONFIGURATION ###
#####################################
// The key file has to be readable by the "bind" user, and the path is relative to the
// chroot when named runs with -t /var/named (as the ps output shows it does).
Include "/etc/namedb/rndc.key";
controls {
// rndc is bound to the jail's only address, restricted to that same address and
// authenticated with rndc-key, so it cannot be reached from other hosts.
inet 192.168.1.2 allow { 192.168.1.2; } keys { rndc-key; };
};
######################################
### LOG #####
######################################
// reduce log verbosity on issues outside our control
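logging {
// Destination for query logging: syslog facility local7 at severity info. Route local7
// to its own file in syslog.conf, otherwise 1.2M+ query lines land in the general log.
channel queries {
syslog local7;
severity info;
};
// The channel is only used if a category refers to it. Without this line the "queries"
// channel is dead configuration and "rndc querylog" output falls through to BIND's
// default channels (default_syslog, facility daemon, and default_debug).
category queries { queries; };
// Lame-server reports concern servers outside our control; drop them.
category lame-servers { null; };
# category cname { null; };
};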
#########################################
#### VUE RESEAU LOCAL ###
#########################################
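view "internal" {
// Clients in "home" (the RFC 1918 ranges plus 195.68.88.112/29) get the private copy of
// crystunix.com, the private reverse zones, and recursion. allow-query is redundant with
// match-clients but makes the intent explicit.
match-clients { home; };
recursion yes;
allow-query { home; };
// Not set in the original configuration: BIND 9.3 then defaults to allowing AXFR of every
// zone in this view to any client that reached the view, i.e. every host in "home". The
// coltfrance servers named in the reverse zones' NS records (195.68.0.11/.12) are outside
// "home" and cannot reach this view at all, so nothing legitimate is cut off by "none";
// list any real internal secondaries here if some exist.
allow-transfer { none; };
// Recursive lookups are sent to the ISP resolvers first; the root hints below are only the
// fallback used if the forwarders fail (BIND's default "forward first").
forwarders {
195.68.0.1;
195.68.0.2;
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "/etc/namedb/internal/rev/localhost.rev";
};
// This server is authoritative for 2.1.168.192.in-addr.arpa (the looping PTR name), so it
// never needs to recurse or forward for it -- see the "aa" flag in the dig output.
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/1.168.192.in-addr.arpa.db";
};
zone "2.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/2.168.192.in-addr.arpa.db";
};
zone "3.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/3.168.192.in-addr.arpa.db";
};
// Private copy of the zone (RFC 1918 addresses); a separate file from the "internet" view's.
zone "crystunix.com" {
type master;
file "/etc/namedb/internal/com/crystunix.com.db";
};
};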
#########################################
#### VUE EXTERNE ###
#########################################
view "internet" {
// NOTE(review): BIND address-match lists stop at the first element that matches, so "any;"
// matches every client and "!home;" is never evaluated. This is harmless only because the
// "internal" view above already captured every "home" client; the intended order is
// { !home; any; }.
match-clients { any; !home; };
// Authoritative-only towards the Internet: no recursion for untrusted clients.
recursion no;
// Zone transfers limited to the secondaries' ranges (195.68.0.12 is already covered by
// 195.68.0.0/25, so the explicit entry is redundant).
allow-transfer { 195.68.1.0/24; 195.68.0.12; 195.68.0.0/25; 195.68.75.0/25; 213.41.78.66; };
allow-query { any; };
// Public copy of the zone (public addresses); a different file from the "internal" view's.
zone "crystunix.com" {
type master;
file "/etc/namedb/com/crystunix.com.db";
};
// The view's closing "};" is missing from the listing as posted.
Processes running inside the jail:
thot# ps auxw
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 32821 1.7 0.2 1348 780 ?? SsJ 3:00PM 2:03.91 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s
root 1061 0.0 0.0 3364 216 ?? SsJ Mon08PM 0:01.38 /usr/sbin/sshd
root 1079 0.0 0.0 1384 248 ?? IsJ Mon08PM 0:03.28 /usr/sbin/cron -s
bind 86454 0.0 1.0 6928 5192 ?? SsJ 3:30PM 4:21.57 /usr/sbin/named -u bind -t /var/named
root 25100 0.0 0.1 1364 716 pg R+J 3:52PM 0:00.00 ps auxw
root 87772 0.0 0.1 2276 752 pg SJ Thu07PM 0:01.19 /bin/csh
I don't understand why the DNS server would be querying itself, and any suggestions are welcome. (Two things I can see from the data above: the server is authoritative for that PTR name, so named itself has no reason to recurse or forward for it; and 192.168.1.2 is the jail's only address, so any process in the jail -- not only named -- would be logged as this client. Something like `sockstat -4` inside the jail while the flood is running, or a tcpdump on port 53, should show which process owns those ephemeral source ports.)
Thanks in advance and happy new year !
Regards
nicolas