Some of the DIALUPs are being induced by DNS Requests
from your Windows Systems (typically at Boot and sometimes
during Login). When DNS is enabled on a Windows based
Machine, and NETBIOS is being performed via TCP/IP,
Windows Networking uses DNS as part of it's
NETBIOS Name Resolution (in conjunction with any
other NETBIOS Name Resolution Sources you have
enabled - like WINS, HOSTS File, LMHOSTS File - WHY
MICROSOFT DECIDED TO PERFROM IT NAME ARBITRATION
THIS WAY I DON'T KNOW. YOU WOULD THINK THE NETBIOS
NAME RESOLUTION LOGIC WOULD TRY THE OTHER
RESOLUTION RESOURCES FIRST).
The only solution I have found for this is to setup your
Linux System as a caching DNS Server, as well as,
setup your own local Domain. All the Systems on
you Network would then need to be included in this
Domain.
You will also see a DIALUP at Linux Boot Time due
to a DNS Request. This one you will have to live
with....
You can't filter the above DNS Requests via DIALD
Filters or Forwarding Denial Rules, because this
would prevent normal DNS from working correctly.
Jeff
----- Original Message -----
From: Beat Bolli <[EMAIL PROTECTED]>
To: Michael Doerner <[EMAIL PROTECTED]>; Jake Colman <[EMAIL PROTECTED]>
Cc: 'Edward Dekkers' <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 1999 10:32 AM
Subject: Re: Two Steps Forward, Several Steps Back
> My /var/log/messages shows the following:
>
> Nov 23 09:24:56 firewall diald[2346]: Trigger: udp 192.168.0.100/61265
207.198.253.36/53
>
> Port 53 is for name server querying and the 207.x.x.x address is my ISP
> nameserver. The 192.x.x.x address is the remote address I specified to
> diald as the placeholder address. I have no idea was port 61265 is about.
> My local named did not make any entries in my messages log. BTW I think
> that the same thing happens when my win98 systems reboot too.
The high port number (>61000) indicates a masqueraded connection. If you do
a netstat -Mn immediately after this entry appears in messages, you'll see
the IP address of the client doing the DNS query. named always logs the port
number it uses to query other name servers, and it's always below 61000.
Hope this helps...
Beat Bolli
--
dware design & software GmbH
Mattenstrasse 11, CH-2555 Br�gg b. Biel
Telefon: +41 (32) 374 27 00, Telefax: +41 (32) 374 27 01
E-Mail: [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
