Re: error sending response log messages

2009-02-02 Thread Thomas Schulz
In article glpv2m$2l4...@sf1.isc.org,
Andre LeClaire  alecla...@yahoo.com wrote:
> Mark Andrews wrote:
> > In message 497caef2.80...@yahoo.com, Andre LeClaire writes:
> > > Hello everyone,
> > > I've been seeing these syslog messages for about a week on a FreeBSD
> > > server running BIND 9.4.3-P1:
> > >
> > > Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 03:43:32 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 04:49:59 asimov named[145]: client 206.71.158.30#139: error
> > > sending response: permission denied
> > > Jan 25 05:15:40 asimov named[145]: client 66.230.160.1#139: error
> > > sending response: permission denied
> > > Jan 25 07:45:11 asimov named[145]: client 206.71.158.30#139: error
> > > sending response: permission denied
> > > Jan 25 07:56:26 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 08:10:29 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 08:54:34 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 09:16:41 asimov named[145]: client 206.71.158.30#138: error
> > > sending response: permission denied
> > > Jan 25 10:03:51 asimov named[145]: client 206.71.158.30#445: error
> > > sending response: permission denied
> > >
> > > Ports 135-139 and 445 are denied by the firewall on the outside
> > > interface.
> >
> > Why do you care about what port you are sending to?  Just
> > allow named to send its replies.
>
> Ports 135-139 and 445 are blocked on the outside interface to protect
> the Windows networks on the inside, which use those ports, from the
> savage Internet.

You seem to be saying that you are blocking incoming traffic on those
ports, but the above errors suggest that you are allowing incoming
queries on those ports but blocking the outgoing reply. I don't understand
why you would do that.

> Are you saying that it's normal for named to send replies on those ports?
> Also, the server has been up for over 3 years with no problems, and
> these errors just started happening last week.

New versions of BIND, and perhaps other DNS implementations, make queries
on random ports and use a wider range of ports than before.  This is to
work around a security issue.  You are probably seeing the effects of other
sites upgrading their DNS servers.

You should adjust your firewall to allow replies from BIND on any port.

> Andre
-- 
Tom Schulz
sch...@adi.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
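As an added illustration of Thomas's point (example code, not part of the thread): a small Python triage script that parses syslog lines in the format quoted above, counts the failed replies per destination port and per client, and checks whether every failure lands on one of the ports the firewall drops (135-139 and 445). The first four sample lines are taken from the thread; the high-port line and the unrelated "lame server" line are constructed.

```python
import re
from collections import Counter

# Format of the syslog lines quoted in the thread (wrapped there by the mail client):
#   Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error sending response: permission denied
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) named\[(?P<pid>\d+)\]: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): error sending response: (?P<reason>.+)$"
)

# Destination ports the firewall in the thread drops on the outside interface.
BLOCKED_PORTS = set(range(135, 140)) | {445}

# Sample input: the first four lines are from the thread; the last two are constructed
# (a reply to a random high source port, and an unrelated named line the parser must skip).
SAMPLE_LOG = [
    "Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error sending response: permission denied",
    "Jan 25 04:49:59 asimov named[145]: client 206.71.158.30#139: error sending response: permission denied",
    "Jan 25 05:15:40 asimov named[145]: client 66.230.160.1#139: error sending response: permission denied",
    "Jan 25 10:03:51 asimov named[145]: client 206.71.158.30#445: error sending response: permission denied",
    "Jan 25 11:12:13 asimov named[145]: client 192.0.2.10#33412: error sending response: permission denied",
    "Jan 25 11:12:14 asimov named[145]: lame server resolving 'example.com' (in 'example.com'?): 192.0.2.53#53",
]

def parse_line(line):
    """Return the fields of an 'error sending response' line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])  # the remote resolver's (randomised) source port
    return rec

def triage(lines, blocked=BLOCKED_PORTS):
    """Count failed replies per destination port and per client, and check whether
    every failure lands on a port the firewall blocks (the situation in the thread)."""
    by_port, by_client, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_port[rec["port"]] += 1
        by_client[rec["ip"]] += 1
    total = sum(by_port.values())
    blocked_hits = sum(n for port, n in by_port.items() if port in blocked)
    return {
        "total": total, "skipped": skipped, "blocked_hits": blocked_hits,
        "all_blocked": total > 0 and blocked_hits == total,
        "by_port": dict(by_port), "by_client": dict(by_client),
    }
```

When `all_blocked` is true for a real log, the failures are the firewall's destination-port filter catching legitimate replies, which is what Thomas describes; a stateful rule that lets named answer on whatever port the query came from removes them.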


error sending response log messages

2009-01-26 Thread Andre LeClaire

Hello everyone,
I've been seeing these syslog messages for about a week on a FreeBSD 
server running BIND 9.4.3-P1:


Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 03:43:32 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 04:49:59 asimov named[145]: client 206.71.158.30#139: error 
sending response: permission denied
Jan 25 05:15:40 asimov named[145]: client 66.230.160.1#139: error 
sending response: permission denied
Jan 25 07:45:11 asimov named[145]: client 206.71.158.30#139: error 
sending response: permission denied
Jan 25 07:56:26 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 08:10:29 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 08:54:34 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 09:16:41 asimov named[145]: client 206.71.158.30#138: error 
sending response: permission denied
Jan 25 10:03:51 asimov named[145]: client 206.71.158.30#445: error 
sending response: permission denied


Ports 135-139 and 445 are denied by the firewall on the outside 
interface. It looks like it might be some kind of Windows exploit, but 
I've Googled and searched the BIND mailing lists, and haven't found any 
clues yet.

Has anybody else seen this?

Thanks!

Andre





Re: error sending response log messages

2009-01-26 Thread Mark Andrews

In message 497caef2.80...@yahoo.com, Andre LeClaire writes:
> Hello everyone,
> I've been seeing these syslog messages for about a week on a FreeBSD
> server running BIND 9.4.3-P1:
>
> Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 03:43:32 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 04:49:59 asimov named[145]: client 206.71.158.30#139: error
> sending response: permission denied
> Jan 25 05:15:40 asimov named[145]: client 66.230.160.1#139: error
> sending response: permission denied
> Jan 25 07:45:11 asimov named[145]: client 206.71.158.30#139: error
> sending response: permission denied
> Jan 25 07:56:26 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 08:10:29 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 08:54:34 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 09:16:41 asimov named[145]: client 206.71.158.30#138: error
> sending response: permission denied
> Jan 25 10:03:51 asimov named[145]: client 206.71.158.30#445: error
> sending response: permission denied
>
> Ports 135-139 and 445 are denied by the firewall on the outside
> interface.

Why do you care about what port you are sending to?  Just
allow named to send its replies.

> It looks like it might be some kind of Windows exploit, but
> I've Googled and searched the BIND mailing lists, and haven't found any
> clues yet.
> Has anybody else seen this?
>
> Thanks!
>
> Andre
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org