On Thu, 15 Jul 1999, Roger Blake wrote:

> The problem I'm having with diald is that it immediately starts dialing out as 
> soon as it initializes.  This is apparently in response to Netbios name 
> resolution requests sent out by the Windoze systems, as evidenced by 
> messages such as the following in the system log file:
> 
>     diald[1381]: Trigger: udp      172.16.0.201/1024       128.9.0.107/53

Surely you should have firewall rules to prevent *any* private
IP spaces being forwarded to the wide world. Or are you just
blindly masquerading *everything*?

  You want to turn query logging on on named (killall -WINCH named)
and watch the logs. Assuming, of course, that you have a caching
name server running and that the Windows machines are set up to
use it. Once you know what queries are happening you can work
to fix them or have your named return some "authoritative replies"
(aka bald faced lies).

  If you are not running a caching name server you had better
set one up (or start trying to get Microsoft to rewrite Windows
so it works sensibly in the presence of demand dialled network
links). You *could* use tcpdump to see what queries are going
out and then add rules to diald to filter them by peeking at
the data portion of packets. I don't know anyone that has done
that though and anyone that has to ask probably wouldn't know
where to start :-).

> This seems to be a very common problem, judging from the very large 
> number of Usenet articles found on this topic via Deja News.  I've tried just 
> about every suggestion I've found so far to no avail.

1. Set up a caching name server.
2. Block forwarding of all private IP spaces with firewall rules.
3. If/when machines break they need pointing at your internal
   name server. And, preferably, *only* to your internal server(s).
4. Turn on query logging and watch the log files.
5. Set up primary domains as needed so you can return answers
   to queries for internal and plain dumb queries without
   passing them externally.
6. Repeat at intervals as necessary.

                                Mike

-- 
.----------------------------------------------------------------------.
| Mike Jagdis                   | Internet: [EMAIL PROTECTED]  |
| 280, Silverdale Road, Earley, | Voice:    +44 118 926 6996           |
| Reading RG6 7NU ENGLAND       | Work:     +44 118 989 0403           |
`----------------------------------------------------------------------'
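
Added example, not part of the original message: a small filter over diald `Trigger:` lines (in the layout quoted above) that reports private-address clients whose DNS queries are bringing up the link instead of going to the internal caching name server. The resolver address 172.16.0.1, the syslog prefixes and every sample line except the first Trigger line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Trigger line layout as quoted in the message:
#   diald[1381]: Trigger: udp  172.16.0.201/1024  128.9.0.107/53
TRIGGER_RE = re.compile(
    r"diald\[\d+\]: Trigger:\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)/(?P<sport>\d+)\s+(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# RFC 1918 private ranges that should never be forwarded to the outside.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def external_dns_triggers(lines, allowed_resolvers):
    """Count DNS triggers from private hosts that bypass the caching server.

    allowed_resolvers: source addresses permitted to send DNS out (assumption:
    only the internal caching name server should ever do so).
    Returns {(src, dst): count}.
    """
    hits = {}
    for line in lines:
        m = TRIGGER_RE.search(line)
        if not m or m["dport"] != "53":
            continue  # not a trigger line, or not a DNS query
        src, dst = m["src"], m["dst"]
        if is_private(src) and src not in allowed_resolvers:
            hits[(src, dst)] = hits.get((src, dst), 0) + 1
    return hits


# Constructed sample: only the first Trigger line comes from the message.
SAMPLE_LOG = [
    "Jul 15 10:00:01 gw diald[1381]: Trigger: udp      172.16.0.201/1024       128.9.0.107/53",
    "Jul 15 10:00:09 gw diald[1381]: Trigger: udp      172.16.0.201/1025       128.9.0.107/53",
    "Jul 15 10:02:30 gw diald[1381]: Trigger: udp      172.16.0.1/1031         128.9.0.107/53",
    "Jul 15 10:05:12 gw diald[1381]: Trigger: tcp      172.16.0.202/1050       192.0.2.10/80",
    "Jul 15 10:06:00 gw named[402]: starting",
]

if __name__ == "__main__":
    for (src, dst), n in external_dns_triggers(SAMPLE_LOG, {"172.16.0.1"}).items():
        print(f"{src} -> {dst}/53 triggered dial-out {n} time(s)")
```

Any host this reports is one that still needs pointing at the internal name server, or whose outbound port 53 traffic should be blocked at the firewall.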
