Unexplained bind related messages in log files

Joel jc517 at wmi.com
Tue Apr 6 13:53:44 UTC 2004


I'm getting messages in /var/log/messages that I can't correlate to
normal behavior. They are actually coming from my PIX firewall but
they are related to bind. The internal side has version 8.2.2-P7
and the external side uses version 9.2.1. It seems to be running
without errors. I get no complaints from users or system daemons.
A couple of times a day I get messages in the log file that a UDP
message from the external bind to the internal bind is blocked.
The external is a forwarder for the internal. Does anyone have
any hints on how to track this down? Would the external server
ever send an unsolicited message to the internal server? I don't
think this is likely. It's not set up to be a slave. Also, how would
it know what UDP port to use? I've let the messages go through and
sniffed packets but can't seem to find the rogue packets. When I do
this the messages in the log file go away and all I have is a large
pile of packets to sift through. What logging could I turn on in
the servers to assist me? Any hints would be greatly appreciated.

Thanks,
  - Joel

