non-query socket errors coming to port 53
Jim Reid
jim at rfc1035.com
Thu May 17 19:26:04 UTC 2001
>>>>> "susan" == susan hall <suehall at prodigy.net> writes:
susan> 17-May-2001 13:21:17.922 refused query on non-query socket
susan> from [64.20.240.240].1554
susan> But all the servers here running named send queries on port
susan> 53, without these errors. All are configured with the
susan> query-source address set.
Are you sure about that? What's in the name server logs at start-up or
after a reload? How about running lsof on named to check what files
and sockets it is actually using?
The above error message implies that the name server is not using port
53 when it makes outgoing queries. It's complaining because it's
getting queries on the socket (port number) it is using. The default
behaviour in BIND[89] is to use a random unprivileged port number when
querying other name servers. These queries are *sent* to port 53
obviously. Nothing should be sending data to that outbound query port
number. So it looks like you haven't set up query-source
correctly. And there's probably something doing a port scan of your
name server. When it sends something to the port number that the name
server is using for its outbound queries, the server logs this
message, believing the data it got was a query, whether it was a DNS
query or not.
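
Added example, not part of the original post and not BIND code: a small triage script that groups the "refused query on non-query socket" messages discussed above by source address, so a one-off hit can be told apart from a source that keeps sending to the outbound query port. The function names, the threshold and every sample line except the first entry (quoted from the post) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the log message quoted in the post. Whitespace is matched loosely
# because the message may be wrapped across lines in a mail archive.
REFUSED = re.compile(
    r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"refused query on non-query socket\s+from\s+"
    r"\[(?P<ip>[0-9.]+)\]\.(?P<port>\d+)"
)

# First entry is the line from the post; the rest are constructed samples
# using documentation addresses (192.0.2.0/24).
SAMPLE_LOG = """\
17-May-2001 13:21:17.922 refused query on non-query socket
from [64.20.240.240].1554
17-May-2001 13:21:18.004 refused query on non-query socket from [192.0.2.10].4021
17-May-2001 13:21:18.310 refused query on non-query socket from [192.0.2.10].4022
17-May-2001 13:21:19.127 refused query on non-query socket from [192.0.2.10].4023
17-May-2001 13:21:20.000 unrelated line (constructed)
"""

def summarize(log_text):
    """Group refused-query events by source address."""
    sources = defaultdict(
        lambda: {"count": 0, "ports": set(), "first": None, "last": None}
    )
    for m in REFUSED.finditer(log_text):
        s = sources[m["ip"]]
        s["count"] += 1
        s["ports"].add(int(m["port"]))   # source port of the sender
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
    return dict(sources)

def repeat_senders(summary, threshold=3):
    """Sources seen at least `threshold` times (threshold is an assumption)."""
    return sorted(ip for ip, s in summary.items() if s["count"] >= threshold)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, s in sorted(summary.items()):
        print(ip, s["count"], sorted(s["ports"]), s["first"], s["last"])
    print("repeat senders:", repeat_senders(summary))
```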