Can anyone explain these messages
Jim Reid
jim at rfc1035.com
Tue Dec 5 23:45:58 UTC 2000
>>>>> "Mike" == O'Neill, Mike <mike.oneill at myflorida.com> writes:
Mike> Inside DNS server (168.82.56.50) behind our PIX firewall
Mike> encountering messages from an outside DNS
Mike> server (199.1.17.22).
Mike> 199.1.17.22 is not allowed inside our network.
That question is probably best answered by Cisco's PIX support
people. The above message looks like it's coming from the firewall,
not a name server. I'd guess at either a misconfiguration of the
firewall or else there's a backdoor route to 199.1.17.22 on your
network, i.e. packets with 199.1.17.22 as a source address are being
picked up by the internal network interface. The log messages you showed
suggest that the problem is just a warning, so perhaps the rejected
traffic is innocuous? Maybe something is broken on 199.1.17.22,
perhaps a misconfigured forwarding name server or resolver? Or maybe
it's picking up incorrect information from the DNS which says it can
query 168.82.56.50 for some name.
Mike> Contacted administrator for DNS at 199.1.17.22, they cannot
Mike> ping to, traceroute to or access 168.82.56.50 via port 53.
Mike> This is as it should be.
But could it be that an application or name server at 199.1.17.22 has
a valid reason to query your name server for something? You say that
access is denied to 199.1.17.22 and "this is as it should be", but if
that's the case, why is it sending queries to your name server?
There's no way anyone here can answer that unless you show packet
traces or query logs. Even then it's doubtful if anyone on the list
can help. You really need to sort this out with the administrator of
199.1.17.22.
Mike> Any ideas on what these DNS messages mean as seen in
Mike> 168.82.56.50's log ?
Mike> 001204 15:29:59 Dns Warning None 5506 NA
Mike> FDHCTLH00 DNS Server encountered invalid domain name offset in packet.
Mike> Offset is the error.
Mike> 001204 15:29:59 Dns Warning None 5504 NA
Mike> FDHCTLH00 DNS Server encountered invalid domain name in packet from
Mike> 199.1.17.22. Packet is rejected.
Again, ask whoever supports your PIX box. These messages do not
resemble anything that a BIND implementation reports.
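The two log lines Mike quotes complain about an "invalid domain name offset in packet". Neither poster says what the offset is, so the following is an added illustration, not code from the thread or from any DNS server: it assumes the offset in question is a name-compression pointer in the sense of RFC 1035 section 4.1.4, decodes names while enforcing the rule that every pointer must refer to an earlier byte of the same packet, and rejects queries that break it. All packets below are constructed samples, not captures from the hosts in the thread.

```python
"""Decode DNS names with RFC 1035 compression pointers and reject packets
whose pointers are out of bounds, point forward, or refer to themselves.

Added illustration, not code from the bind-users thread. The packets built
at the bottom are constructed samples."""
import struct

HEADER_LEN = 12  # fixed DNS header size, RFC 1035 section 4.1.1


class InvalidNameOffset(ValueError):
    """A pointer or label runs outside the packet or points the wrong way."""


def read_name(packet: bytes, offset: int):
    """Return (name, offset_after_name) for the name starting at `offset`.

    A compression pointer (top two bits 11) must refer to an earlier byte of
    the packet. Requiring each pointer target to be strictly lower than the
    position it was read from rules out forward references and loops at once.
    """
    labels = []
    pos = offset
    resume = None  # where the caller continues once the first pointer is met
    while True:
        if pos >= len(packet):
            raise InvalidNameOffset(f"name runs past end of packet at offset {pos}")
        length = packet[pos]
        if length == 0:  # root label terminates the name
            pos += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer
            if pos + 1 >= len(packet):
                raise InvalidNameOffset(f"truncated pointer at offset {pos}")
            target = ((length & 0x3F) << 8) | packet[pos + 1]
            if target >= len(packet):
                raise InvalidNameOffset(f"pointer at {pos} targets offset {target}, beyond packet")
            if target >= pos:
                raise InvalidNameOffset(f"pointer at {pos} targets offset {target}, not earlier")
            if resume is None:
                resume = pos + 2
            pos = target
            continue
        if length & 0xC0:  # 01 / 10 label types are reserved
            raise ValueError(f"unsupported label type 0x{length:02x} at offset {pos}")
        pos += 1
        label = packet[pos:pos + length]
        if len(label) < length:
            raise InvalidNameOffset(f"label at offset {pos} runs past end of packet")
        labels.append(label.decode("ascii"))
        pos += length
    return ".".join(labels) or ".", (resume if resume is not None else pos)


def parse_question(packet: bytes):
    """Parse the first question: returns (qname, qtype, qclass, next_offset)."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than DNS header")
    qname, pos = read_name(packet, HEADER_LEN)
    if pos + 4 > len(packet):
        raise InvalidNameOffset("question truncated after name")
    qtype, qclass = struct.unpack_from("!HH", packet, pos)
    return qname, qtype, qclass, pos + 4


def classify(packet: bytes) -> str:
    """Accept or reject a packet the way a server validating name offsets would."""
    try:
        qname, _, _, _ = parse_question(packet)
    except ValueError as err:  # InvalidNameOffset is a ValueError too
        return f"rejected: {err}"
    return f"accepted: {qname}"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Constructed sample: standard query for `name`, type `qtype`, class IN."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    wire = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"
    return header + wire + struct.pack("!HH", qtype, 1)


def answer_owner(packet: bytes) -> str:
    """Owner name of the first answer record, following its pointer back into the question."""
    _, _, _, pos = parse_question(packet)
    name, _ = read_name(packet, pos)
    return name


# Constructed packets
GOOD_QUERY = build_query("example.com")
# pointer 0xC0FF targets offset 255, beyond this 18-byte packet
OOB_POINTER = GOOD_QUERY[:HEADER_LEN] + b"\xc0\xff" + struct.pack("!HH", 1, 1)
# pointer at offset 12 targeting offset 12: refers to itself
SELF_POINTER = GOOD_QUERY[:HEADER_LEN] + b"\xc0\x0c" + struct.pack("!HH", 1, 1)
# legitimate use: answer owner name is a pointer back to the question name at offset 12
GOOD_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                 + GOOD_QUERY[HEADER_LEN:]
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for label, pkt in [("good query", GOOD_QUERY), ("out-of-bounds pointer", OOB_POINTER),
                       ("self pointer", SELF_POINTER), ("response", GOOD_RESPONSE)]:
        print(f"{label:22} {classify(pkt)}")
    print("answer owner:", answer_owner(GOOD_RESPONSE))
```

The backward-only rule is stricter than a loop detector but simpler to audit: a pointer that can only move to a lower offset guarantees termination, and a server that logs which offset failed gives the operator exactly the detail Mike's messages lack. When such warnings come from a single remote address, comparing a packet capture against this kind of check is the quickest way to tell a corrupt sender from a firewall that is passing traffic it should not.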