Problem with firewall
Mark.Andrews at nominum.com
Wed Aug 23 13:10:57 UTC 2000
It's a reply to the query named made to find the current list of
root servers. Use a stateful firewall and allow answers to
outgoing UDP packets or get named to bind(2) its query source
using query-source.
Mark
>
> I've just set up our new DNS with BIND 8.2.2P5 on a Redhat 6.2. The
> DNS-Server works fine, but I saw something strange in the logfile of our
> firewall.
> It continuously gives me these packets, about 4 in a minute.
> What do I have to do?
>
> Packet 1: 00:E0:B6:01:7A:80 -> 00:20:AF:F3:35:34
> Network: Ethernet
> Frame type: 802.3, Frame size: 482
> Time: 16h:56m 06.842sec
> IP, 202.12.27.33 -> 192.168.200.1
> Source IP: 202.12.27.33, Destination IP: 192.168.200.1
> Version: 04, IP header length: 05 (32 bit words)
> Service type: 0: Precedence: 0, Delay: Norm, Throug: Norm, Reliab:
> Norm
> Total IP length: 464
> ID: B37Fh
> Fragments: No
> Time to live: 47
> PROTOCOL: [17] UDP
> Header checksum: 68C6 (GOOD)
> UDP, [53] -> [1034]
> Source port: [53] dns, Destination port: [1034]
> UDP length: 444, Checksum: 4377h (GOOD)
> DNS Section 0: 436 bytes
> Identification: 0x6715
> Flags: 0x8400
> Bits 0 to 3 : No error
> Bits 4 to 6 : These three bits must be zero
> Bit 7 : Recursion not available
> Bit 8 : Recursion not desired
> Bit 9 : Not truncated: reply returned in full
> Bit 10 : Authorative answer: True
> Bits 11 to 14: Standard Query
> Bit 15 : Message is a response
> Number of question records: 1
> Number of answer records: 13
> Number of authority records: 0
> Number of additional records: 13
> Question Records
> Question Record 1:
> Type: Name server
> Query class: IP address
> Answer records
> Answer record 1:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 20 bytes
> Resource Data: M.ROOT-SERVERS.NET
> Answer record 2:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: I.ROOT-SERVERS.NET (Pointer record)
> Answer record 3:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: E.ROOT-SERVERS.NET (Pointer record)
> Answer record 4:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: D.ROOT-SERVERS.NET (Pointer record)
> Answer record 5:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: A.ROOT-SERVERS.NET (Pointer record)
> Answer record 6:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: H.ROOT-SERVERS.NET (Pointer record)
> Answer record 7:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: C.ROOT-SERVERS.NET (Pointer record)
> Answer record 8:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: G.ROOT-SERVERS.NET (Pointer record)
> Answer record 9:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: F.ROOT-SERVERS.NET (Pointer record)
> Answer record 10:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: B.ROOT-SERVERS.NET (Pointer record)
> Answer record 11:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: J.ROOT-SERVERS.NET (Pointer record)
> Answer record 12:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: K.ROOT-SERVERS.NET (Pointer record)
> Answer record 13:
> Type: 2, Name server
> Class: 1; IP address
> Time to live: 518400 seconds
> Resource data length: 4 bytes
> Resource Data: L.ROOT-SERVERS.NET (Pointer record)
> Additional records
> Additional record 1: M.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 202.12.27.33
> Additional record 2: I.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 192.36.148.17
> Additional record 3: E.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 192.203.230.10
> Additional record 4: D.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 128.8.10.90
> Additional record 5: A.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 198.41.0.4
> Additional record 6: H.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 128.63.2.53
> Additional record 7: C.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 192.33.4.12
> Additional record 8: G.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 192.112.36.4
> Additional record 9: F.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 192.5.5.241
> Additional record 10: B.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 128.9.0.107
> Additional record 11: J.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 198.41.0.10
> Additional record 12: K.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 193.0.14.129
> Additional record 13: L.ROOT-SERVERS.NET (Pointer record)
> Type: 1, IP address
> Class: 1; IP address
> Time to live: 3600000 seconds
> Resource data length: 4 bytes
> Resource Data: 198.32.64.12
>
> RAW PACKET LISTING:
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
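
The stateful-firewall option from the reply, modelled as an added example (not part of the original message or of BIND): a reply from port 53 is accepted only when it reverses a live outgoing flow. The class name, the 30-second timeout and the 198.51.100.7 address are assumptions; the endpoints and DNS header fields come from the quoted log.

```python
import struct

UDP_TIMEOUT = 30  # assumed idle timeout in seconds for a tracked UDP flow

# Endpoints and header fields taken from the firewall log quoted above.
RESOLVER = ("192.168.200.1", 1034)
ROOT = ("202.12.27.33", 53)
# 12-byte DNS header rebuilt from the logged fields (ID 0x6715, flags 0x8400).
HEADER = struct.pack("!6H", 0x6715, 0x8400, 1, 13, 0, 13)

class StatefulUdpFilter:
    """Toy model of UDP state tracking in front of a resolver."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (local_ip, local_port, remote_ip, remote_port) -> last seen

    def outbound(self, src, sport, dst, dport, now):
        # An outgoing datagram opens or refreshes a flow entry.
        self.flows[(src, sport, dst, dport)] = now
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport, now):
        # Accept only when the reversed 4-tuple matches a live outgoing flow.
        key = (dst, dport, src, sport)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.timeout:
            self.flows.pop(key, None)
            return "DROP"
        self.flows[key] = now
        return "ACCEPT"

def dns_header(payload):
    """Decode the fixed DNS header into the fields the log prints."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": ident, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "counts": (qd, an, ns, ar)}

def demo():
    fw = StatefulUdpFilter()
    verdicts = {"no_state": fw.inbound(*ROOT, *RESOLVER, now=0)}
    fw.outbound(*RESOLVER, *ROOT, now=1)  # named sends its root NS query
    verdicts["reply"] = fw.inbound(*ROOT, *RESOLVER, now=2)
    verdicts["other_source"] = fw.inbound("198.51.100.7", 53, *RESOLVER, now=3)
    verdicts["after_timeout"] = fw.inbound(*ROOT, *RESOLVER, now=2 + UDP_TIMEOUT + 1)
    return verdicts

if __name__ == "__main__":
    print(dns_header(HEADER), demo())
```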