[gb-users] DNS anomolies

Sun, 08 Dec 2002 10:56:29 -0800 

I have the following alarms getting emailed to me way too much:

----------------------------------------------------------------------------
--------------------------
      ALARM NO: 2
          DATE: Sat 2002-12-07 14:33:39 GMT
      PRIORITY: 4
     INTERFACE: PSN (dc2)
INTERFACE TYPE: Private service network (PSN)
    ALARM TYPE: Block
     IP PACKET: UDP  [198.70.31.254/53]-->[198.70.30.1/2122]  l=163

[dns1.swiftsystems.com/domain]-->[stpeter.swiftsystems.com/2122]

DETAILED DESCRIPTION:
IP packet was rejected by filter 25.
----------------------------------------------------------------------------
--------------------------

Filter 25 is the catch all "deny all other access to all interfaces".  I am
running the SMTP proxy and my external DNS Server is configured to
198.70.31.254, which is actually a pass-through on the PSN.

DNS queries seem to be going fine (from the gnatbox) as ping by name works
without a hitch, but I get many (many) of these alarms every day showing
that traffic from port 53 (on the DNS server) to random ports on the gnatbox
PSN interface are being denied.  This sort of looks like replies from the
DNS server are getting blocked???  I am running 3.2.5s.  Is there a problem
with the virtual crack not letting responses back through?  I tore apart the
DNS server to make sure it was not referring to the firewall IP for any
reason (DNS or Network level) other than as a gateway IP address, it is not.

So next I tried to set up an "allow all protocols" filter so that the DNS
server can access from port 53 on the DNS server to ANY/ANY on the PSN
interface.  It would not let me save port 53 as the port number in the web
interface, weird so I set up a wide open any/any from the DNS server's IP to
the PSN interface.  I am still getting the alarms.  Has anyone seen anything
like this?  I'm feeling like I have run into "ze-bug" maybe.

Thanks,
-Vaughn

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
 http://www.mail-archive.com/[email protected]

Reply via email to