NetBSD-Bugs archive
Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
The following reply was made to PR bin/58170; it has been noted by GNATS.
From: toku%tokugawa.org@localhost
To: gnats-bugs%netbsd.org@localhost, christos%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost
Cc: toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Sat, 20 Apr 2024 05:50:43 +0900
My server tamgw.tokugawa.or.jp is running NetBSD10. This host is an
authorized DNS server for several zones. For example, tokugawa.or.jp,
tokugawa-art-museum.jp, yakumo.co.jp, etc.
The following are excerpts from the blocklistd, named and tcpdump logs.
The query at 05:04:27 is a query that should be blocked, but the other
queries are valid queries. Nevertheless, named notifies blocklistd.
Thank you for reading my poor English.
Yoshitaka Tokugawa
05:04:00.902087 IP 78.47.149.66.45743 > 219.166.13.186.53: 25208% [1au]
AAAA? bsd1.YakuMO.co.jp. (46)
Apr 20 05:04:00 tamgw blocklistd[23684]: processing type=1 fd=7
remote=78.47.149.66:45743 msg=checkcacheacces uid=0 gid=0
05:04:00.903961 IP 219.166.13.186.53 > 78.47.149.66.45743: 25208*- 1/3/2
AAAA 2400:4010:43d:d01::2 (192)
05:04:01.166475 IP 78.47.119.231.38418 > 219.166.13.186.53: 48937% [1au]
NS? tOkUGAwA-dOrMiTORy.jP. (50)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7
remote=78.47.119.231:38418 msg=checkcacheacces uid=0 gid=0
05:04:01.168275 IP 219.166.13.186.53 > 78.47.119.231.38418: 48937*-
3/0/1 NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NS
tamgw.tokugawa.or.jp. (173)
05:04:01.182865 IP 78.47.119.231.59328 > 219.166.13.186.53: 53762% [1au]
AAAA? tAmgW.ToKugAwa.Or.JP. (49)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7
remote=78.47.119.231:59328 msg=checkcacheacces uid=0 gid=0
05:04:01.184640 IP 219.166.13.186.53 > 78.47.119.231.59328: 53762*-
1/3/2 AAAA 2400:4100:100:3c01::2 (195)
05:04:01.186981 IP 78.47.119.231.61462 > 219.166.13.186.53: 5136% [1au]
AAAA? bsd1.yAKumo.co.jP. (46)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7
remote=78.47.119.231:61462 msg=checkcacheacces uid=0 gid=0
05:04:01.188644 IP 219.166.13.186.53 > 78.47.119.231.61462: 5136*- 1/3/2
AAAA 2400:4010:43d:d01::2 (192)
05:04:14.023601 IP 203.178.139.60.55067 > 219.166.13.186.53: 22817+ ANY?
yakumo.co.jp. (30)
Apr 20 05:04:14 tamgw blocklistd[23684]: processing type=1 fd=7
remote=203.178.139.60:55067 msg=checkcacheacces uid=0 gid=0
05:04:14.025501 IP 219.166.13.186.53 > 203.178.139.60.55067: 22817*-
10/0/3 SOA, NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NS
tamgw.tokugawa.or.jp., A 219.163.48.122, MX tamgw.tokugawa.or.jp. 20, MX
bsd2.yakumo.co.jp. 5, MX hpms.tokugawa.org. 10, TXT "v=spf1
ip4:219.163.48.112/28 ip4:219.166.13.184/29 ip6:2400:4100:0100:3c00::/56
ip6:2400:4010:043d:0c00::/55 -all", TXT
"google-site-verification=ygRShFrbX51KmGCjQ9hDOiMIb_zp-kdQGwKT4axPNvw" (506)
05:04:27.488213 IP 203.178.139.60.55034 > 219.166.13.186.53: 43181+ ANY?
sl. (20)
Apr 20 05:04:27 tamgw blocklistd[23684]: processing type=1 fd=7
remote=203.178.139.60:55034 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 tamgw named[5699]: client @0x7248c66e8d70
203.178.139.60#55034 (sl): query (cache) 'sl/ANY/IN' denied
(allow-query-cache did not match)
05:04:27.490088 IP 219.166.13.186.53 > 203.178.139.60.55034: 43181
Refused- 0/0/0 (20)
05:04:28.685961 IP 80.0.248.62.28949 > 219.166.13.186.53: 7080 [1au] A?
www.tokugawa-art-museum.jp. (55)
Apr 20 05:04:28 tamgw blocklistd[23684]: processing type=1 fd=7
remote=80.0.248.62:28949 msg=checkcacheacces uid=0 gid=0
05:04:28.686541 IP 219.166.13.186.53 > 80.0.248.62.28949: 7080*- 1/3/1 A
150.60.27.115 (173)
On 2024/04/20 0:40, Christos Zoulas wrote:
> The following reply was made to PR bin/58170; it has been noted by GNATS.
>
> From: Christos Zoulas <christos%zoulas.com@localhost>
> To: Robert Elz <kre%munnari.OZ.AU@localhost>
> Cc: gnats-bugs%netbsd.org@localhost,
> Christos Zoulas <christos%netbsd.org@localhost>,
> netbsd-bugs%netbsd.org@localhost,
> toku%tokugawa.org@localhost
> Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
> Date: Fri, 19 Apr 2024 11:38:01 -0400
>
> I guess the best way to find out is to turn on logging and look at the
> log file :-)
>
> christos
>
> > On Apr 19, 2024, at 9:38 AM, Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
> >
> > Date: Fri, 19 Apr 2024 08:33:42 -0400
> > From: Christos Zoulas <christos%zoulas.com@localhost>
> > Message-ID: <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
> >
> > | I think we should, since the querier has no way to know that there
> > | is an ACL preventing the query so this is not an abuse.
> >
> > I don't know what it takes to install the block, but the typical way
> > this would happen is if a client was using the wrong DNS server as its
> > back end. If that's what is happening (many queries, all being sent
> > to the wrong server) then it may not be abuse, but blocking that client
> > is still a reasonable thing to do.
> >
> > If it is just an occasional query (like someone running dig and specifying
> > a particular server) then a block might be an over reaction.
> >
> > If the server is supposed to be handling those queries, then its config
> > should be fixed to allow them.
> >
> > kre
>
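Added example, not part of the original mail and not NetBSD or BIND code: a short Python script that applies the comparison made in the report above, pairing each blocklistd notification with a named denial by client address and source port and listing the notifications that have no denial behind them. The sample lines are constructed in the format of the excerpts (one record per line; the host name, PIDs and documentation addresses are made up).

```python
import re

# Constructed sample in the format of the excerpts above: one record per line,
# documentation addresses, hypothetical host name and PIDs.
SAMPLE_LOG = """\
Apr 20 05:04:14 ns1 blocklistd[100]: processing type=1 fd=7 remote=192.0.2.10:55067 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 ns1 blocklistd[100]: processing type=1 fd=7 remote=192.0.2.10:55034 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 ns1 named[200]: client @0x1 192.0.2.10#55034 (sl): query (cache) 'sl/ANY/IN' denied (allow-query-cache did not match)
Apr 20 05:04:28 ns1 blocklistd[100]: processing type=1 fd=7 remote=198.51.100.7:28949 msg=checkcacheacces uid=0 gid=0
"""

# blocklistd debug line: timestamp, then remote=ADDR:PORT (the last colon splits the port).
NOTIFY_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ blocklistd\[\d+\]: processing "
                       r".*?remote=([0-9a-fA-F.:]+):(\d+) msg=\S+")
# named security line: "client @0x... ADDR#PORT (...): ... denied ..."
DENIED_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ named\[\d+\]: client \S+ "
                       r"([0-9a-fA-F.:]+)#(\d+) .*\bdenied\b")


def correlate(log_text):
    """Split blocklistd notifications into those backed by a named denial and the rest.

    Records are matched on (client address, source port). Timestamps are kept
    for reporting but not compared, which is enough for a short excerpt.
    """
    denied = set()
    notified = []
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if m:
            denied.add((m.group(2), m.group(3)))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notified.append((m.group(1), m.group(2), m.group(3)))
    backed = [n for n in notified if (n[1], n[2]) in denied]
    unbacked = [n for n in notified if (n[1], n[2]) not in denied]
    return backed, unbacked


if __name__ == "__main__":
    backed, unbacked = correlate(SAMPLE_LOG)
    for when, addr, port in unbacked:
        print(f"{when} {addr}:{port} reported to blocklistd without a named denial")
    print(f"{len(backed)} backed by a denial, {len(unbacked)} not")
```
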