I'm getting unusual errors from my dns server and firewall relating to an invalid private ip. The errors are as follows:
Bind 8 reports: Nov 20 09:59:24 mercury named[338]: ns_resp: sendto([10.168.0.11].53): Operation not permitted Netfilter logging reports several instances of this: Nov 20 09:59:24 mercury kernel: OUTPUT: IN= OUT=eth1 SRC=64.65.177.82 DST=10.168.0.11 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1024 DPT=53 LEN=59 Nov 20 09:59:24 mercury kernel: OUTPUT: IN= OUT=eth1 SRC=64.65.177.82 DST=10.168.0.10 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1024 DPT=53 LEN=59 My firewall rules don't allow external connections to the 10.x address space. What I suspect is occuring is that some dns server out there has an NS record pointing to 10.168.0.11 and .10. One of my clients tries to connect to a domain, which goes through the chain to the above NS record. Bind 8 tries to look it up, but my firewall rules don't allow it. I'm soliciting ideas on how to trace this out. I suppose increasing the logging of bind is the way to go, but which category? Other ideas? Thanks, Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
