named error messages in log file, how to fix?
Brad Knowles
brad.knowles at skynet.be
Mon Jun 25 06:58:03 UTC 2001
At 5:37 PM -0400 6/24/01, zz at rockstone.com wrote:
> thanks for your reply, I had the PC using tcp ip as default
> protocol,
That's fine.
> and I think this is not Win98's problem, but
> bind configuraiton problem.
Nope. This has absolutely nothing whatsoever to do with BIND.
BIND is not listening on ports 137-139, indeed nothing is. That's
why your Linux box is trying to send a "host unreachable" response
back to the PC, but the PC isn't listening for that.
> I did have blocking in place blocking to 53 from outsiders
> as shown in the /var/log/messages:
No, you don't want that. Not unless you want to cut yourself off
from the entire rest of the Internet and prevent you from doing DNS
queries.
> Jun 24 17:08:24 luna kernel: Packet log: input REJECT eth1
> PROTO=6 217.57.55.91:3662 luna:111 L=60 S=0x00 I=36326
> F=0x4000 T=44 SYN (#116)
> Jun 24 17:32:56 luna kernel: Packet log: input REJECT eth1
> PROTO=6 210.207.56.2:3029 luna:53 L=60 S=0x00 I=42695
> F=0x4000 T=42 SYN (#113)
Actually, I know absolutely nothing of how Linux does firewalling
or packet filtering, but this would seem to show you blocking an
*incoming* packet on port 53. You don't want to do that, either --
your server will probably be making queries from port 53, and you
want to be able to receive responses.
> Btw, what does /etc/named.conf should look like? I am trying to modify
> it, and now I have it as is, am I correct with the ACL list?
> Should I get rid of the 'key' options? thanks
Take a look at <ftp://ftp.ripe.net/ripe/docs/ripe-192.txt>.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list