NetBSD-Bugs archive


Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)



My server tamgw.tokugawa.or.jp is running NetBSD10. This host is an authorized DNS server for several zones. For example, tokugawa.or.jp, tokugawa-art-museum.jp, yakumo.co.jp, etc.

The following are excerpts from the blocklistd, named and tcpdump logs.
The query at 05:04:27 is a query that should be blocked, but the other queries are valid queries. Nevertheless, named notifies blocklistd.

Thank you for reading my poor English.

Yoshitaka Tokugawa

05:04:00.902087 IP 78.47.149.66.45743 > 219.166.13.186.53: 25208% [1au] AAAA? bsd1.YakuMO.co.jp. (46)
Apr 20 05:04:00 tamgw blocklistd[23684]: processing type=1 fd=7 remote=78.47.149.66:45743 msg=checkcacheacces uid=0 gid=0
05:04:00.903961 IP 219.166.13.186.53 > 78.47.149.66.45743: 25208*- 1/3/2 AAAA 2400:4010:43d:d01::2 (192)
05:04:01.166475 IP 78.47.119.231.38418 > 219.166.13.186.53: 48937% [1au] NS? tOkUGAwA-dOrMiTORy.jP. (50)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7 remote=78.47.119.231:38418 msg=checkcacheacces uid=0 gid=0
05:04:01.168275 IP 219.166.13.186.53 > 78.47.119.231.38418: 48937*- 3/0/1 NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NS tamgw.tokugawa.or.jp. (173)
05:04:01.182865 IP 78.47.119.231.59328 > 219.166.13.186.53: 53762% [1au] AAAA? tAmgW.ToKugAwa.Or.JP. (49)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7 remote=78.47.119.231:59328 msg=checkcacheacces uid=0 gid=0
05:04:01.184640 IP 219.166.13.186.53 > 78.47.119.231.59328: 53762*- 1/3/2 AAAA 2400:4100:100:3c01::2 (195)
05:04:01.186981 IP 78.47.119.231.61462 > 219.166.13.186.53: 5136% [1au] AAAA? bsd1.yAKumo.co.jP. (46)
Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7 remote=78.47.119.231:61462 msg=checkcacheacces uid=0 gid=0
05:04:01.188644 IP 219.166.13.186.53 > 78.47.119.231.61462: 5136*- 1/3/2 AAAA 2400:4010:43d:d01::2 (192)
05:04:14.023601 IP 203.178.139.60.55067 > 219.166.13.186.53: 22817+ ANY? yakumo.co.jp. (30)
Apr 20 05:04:14 tamgw blocklistd[23684]: processing type=1 fd=7 remote=203.178.139.60:55067 msg=checkcacheacces uid=0 gid=0
05:04:14.025501 IP 219.166.13.186.53 > 203.178.139.60.55067: 22817*- 10/0/3 SOA, NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NS tamgw.tokugawa.or.jp., A 219.163.48.122, MX tamgw.tokugawa.or.jp. 20, MX bsd2.yakumo.co.jp. 5, MX hpms.tokugawa.org. 10, TXT "v=spf1 ip4:219.163.48.112/28 ip4:219.166.13.184/29 ip6:2400:4100:0100:3c00::/56 ip6:2400:4010:043d:0c00::/55 -all", TXT "google-site-verification=ygRShFrbX51KmGCjQ9hDOiMIb_zp-kdQGwKT4axPNvw" (506)
05:04:27.488213 IP 203.178.139.60.55034 > 219.166.13.186.53: 43181+ ANY? sl. (20)
Apr 20 05:04:27 tamgw blocklistd[23684]: processing type=1 fd=7 remote=203.178.139.60:55034 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 tamgw named[5699]: client @0x7248c66e8d70 203.178.139.60#55034 (sl): query (cache) 'sl/ANY/IN' denied (allow-query-cache did not match)
05:04:27.490088 IP 219.166.13.186.53 > 203.178.139.60.55034: 43181 Refused- 0/0/0 (20)
05:04:28.685961 IP 80.0.248.62.28949 > 219.166.13.186.53: 7080 [1au] A? www.tokugawa-art-museum.jp. (55)
Apr 20 05:04:28 tamgw blocklistd[23684]: processing type=1 fd=7 remote=80.0.248.62:28949 msg=checkcacheacces uid=0 gid=0
05:04:28.686541 IP 219.166.13.186.53 > 80.0.248.62.28949: 7080*- 1/3/1 A 150.60.27.115 (173)



On 2024/04/20 0:40, Christos Zoulas wrote:
The following reply was made to PR bin/58170; it has been noted by GNATS.

From: Christos Zoulas <christos%zoulas.com@localhost>
To: Robert Elz <kre%munnari.OZ.AU@localhost>
Cc: gnats-bugs%netbsd.org@localhost,
  Christos Zoulas <christos%netbsd.org@localhost>,
  netbsd-bugs%netbsd.org@localhost,
  toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Fri, 19 Apr 2024 11:38:01 -0400

  I guess the best way to find out is to turn on logging and look at the
  log file :-)

  christos

  > On Apr 19, 2024, at 9:38 AM, Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
  >
  >    Date:        Fri, 19 Apr 2024 08:33:42 -0400
  >    From:        Christos Zoulas <christos%zoulas.com@localhost>
  >    Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
  >
  >  | I think we should, since the querier has no way to know that there
  >  | is an ACL preventing the query so this is not an abuse.
  >
  > I don't know what it takes to install the block, but the typical way
  > this would happen is if a client was using the wrong DNS server as its
  > back end.   If that's what is happening (many queries, all being sent
  > to the wrong server) then it may not be abuse, but blocking that client
  > is still a reasonable thing to do.
  >
  > If it is just an occasional query (like someone running dig and specifying
  > a particular server) then a block might be an over reaction.
  >
  > If the server is supposed to be handling those queries, then its config
  > should be fixed to allow them.
  >
  > kre
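
One way to check the behaviour reported in this message against a longer log, as an added example that is not part of the original mail or of NetBSD's code: pair each blocklistd notification with a named denial for the same client address and port, and list the notifications that have none. It assumes syslog lines in the shape quoted in the message and that named is logging its denials; the function and variable names are hypothetical.

```python
import re

# Sample input: syslog lines copied from the excerpt in the message above.
SAMPLE_LOG = """\
Apr 20 05:04:14 tamgw blocklistd[23684]: processing type=1 fd=7 remote=203.178.139.60:55067 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 tamgw blocklistd[23684]: processing type=1 fd=7 remote=203.178.139.60:55034 msg=checkcacheacces uid=0 gid=0
Apr 20 05:04:27 tamgw named[5699]: client @0x7248c66e8d70 203.178.139.60#55034 (sl): query (cache) 'sl/ANY/IN' denied (allow-query-cache did not match)
Apr 20 05:04:28 tamgw blocklistd[23684]: processing type=1 fd=7 remote=80.0.248.62:28949 msg=checkcacheacces uid=0 gid=0
"""

# blocklistd line: "... processing type=1 fd=7 remote=ADDR:PORT msg=..."
BLOCKLISTD = re.compile(r"blocklistd\[\d+\]: processing .*?remote=(\S+):(\d+)\s")
# named denial line: "... client [@0x...] ADDR#PORT (name): ... denied ..."
NAMED_DENIED = re.compile(
    r"named\[\d+\]: client (?:@\S+ )?([^\s#]+)#(\d+) .*\bdenied\b")


def unmatched_notifications(log_text):
    """Return (timestamp, addr, port) for every blocklistd notification
    that has no named 'denied' entry for the same client addr and port.

    Assumption: the log window is short enough that a client's
    address/port pair is not reused for an unrelated query.
    """
    denied = set()
    notifications = []
    for line in log_text.splitlines():
        m = NAMED_DENIED.search(line)
        if m:
            denied.add((m.group(1), m.group(2)))
            continue
        m = BLOCKLISTD.search(line)
        if m:
            # The first 15 characters are the syslog timestamp.
            notifications.append((line[:15], m.group(1), m.group(2)))
    # Filter after the full pass: named may log the denial after
    # blocklistd logs the notification.
    return [n for n in notifications if (n[1], n[2]) not in denied]


if __name__ == "__main__":
    for ts, addr, port in unmatched_notifications(SAMPLE_LOG):
        print(f"{ts} notification without denial: {addr}:{port}")
```

On the sample lines only the 05:04:27 notification has a matching denial; the 05:04:14 and 05:04:28 notifications are reported as unmatched.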


