Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)

To: gnats-bugs%netbsd.org@localhost, christos%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
From: toku%tokugawa.org@localhost
Date: Sat, 20 Apr 2024 05:50:43 +0900

My server tamgw.tokugawa.or.jp is runnning NetBSD10. This host is anauthorized DNS server for several zones. For example, tokugawa.or.jp,tokugawa-art-museum.jp, yakumo.co.jp, etc.


The following log is excerpts from blocklistd, named and tcpdump logs.

The query at 05:04:27 is a query that should be blocked, but the otherqueries are valid query. Nevertheless, named notifies blocklistd.


Thank you for reading my poor English.

Yoshitaka Tokugawa

05:04:00.902087 IP 78.47.149.66.45743 > 219.166.13.186.53: 25208% [1au]AAAA? bsd1.YakuMO.co.jp. (46)Apr 20 05:04:00 tamgw blocklistd[23684]: processing type=1 fd=7remote=78.47.149.66:45743 msg=checkcacheacces uid=0 gid=005:04:00.903961 IP 219.166.13.186.53 > 78.47.149.66.45743: 25208*- 1/3/2AAAA 2400:4010:43d:d01::2 (192)05:04:01.166475 IP 78.47.119.231.38418 > 219.166.13.186.53: 48937% [1au]NS? tOkUGAwA-dOrMiTORy.jP. (50)Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7remote=78.47.119.231:38418 msg=checkcacheacces uid=0 gid=005:04:01.168275 IP 219.166.13.186.53 > 78.47.119.231.38418: 48937*-3/0/1 NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NStamgw.tokugawa.or.jp. (173)05:04:01.182865 IP 78.47.119.231.59328 > 219.166.13.186.53: 53762% [1au]AAAA? tAmgW.ToKugAwa.Or.JP. (49)Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7remote=78.47.119.231:59328 msg=checkcacheacces uid=0 gid=005:04:01.184640 IP 219.166.13.186.53 > 78.47.119.231.59328: 53762*-1/3/2 AAAA 2400:4100:100:3c01::2 (195)05:04:01.186981 IP 78.47.119.231.61462 > 219.166.13.186.53: 5136% [1au]AAAA? bsd1.yAKumo.co.jP. (46)Apr 20 05:04:01 tamgw blocklistd[23684]: processing type=1 fd=7remote=78.47.119.231:61462 msg=checkcacheacces uid=0 gid=005:04:01.188644 IP 219.166.13.186.53 > 78.47.119.231.61462: 5136*- 1/3/2AAAA 2400:4010:43d:d01::2 (192)05:04:14.023601 IP 203.178.139.60.55067 > 219.166.13.186.53: 22817+ ANY?yakumo.co.jp. (30)Apr 20 05:04:14 tamgw blocklistd[23684]: processing type=1 fd=7remote=203.178.139.60:55067 msg=checkcacheacces uid=0 gid=005:04:14.025501 IP 219.166.13.186.53 > 203.178.139.60.55067: 22817*-10/0/3 SOA, NS tish.tokugawa.org., NS bsd1.yakumo.co.jp., NStamgw.tokugawa.or.jp., A 219.163.48.122, MX tamgw.tokugawa.or.jp. 20, MXbsd2.yakumo.co.jp. 5, MX hpms.tokugawa.org. 10, TXT "v=spf1ip4:219.163.48.112/28 ip4:219.166.13.184/29 ip6:2400:4100:0100:3c00::/56ip6:2400:4010:043d:0c00::/55 -all", TXT"google-site-verification=ygRShFrbX51KmGCjQ9hDOiMIb_zp-kdQGwKT4axPNvw" (506)05:04:27.488213 IP 203.178.139.60.55034 > 219.166.13.186.53: 43181+ ANY?sl. (20)Apr 20 05:04:27 tamgw blocklistd[23684]: processing type=1 fd=7remote=203.178.139.60:55034 msg=checkcacheacces uid=0 gid=0pr 20 05:04:27 tamgw named[5699]: client @0x7248c66e8d70203.178.139.60#55034 (sl): query (cache) 'sl/ANY/IN' denied(allow-query-cache did not match)05:04:27.490088 IP 219.166.13.186.53 > 203.178.139.60.55034: 43181Refused- 0/0/0 (20)05:04:28.685961 IP 80.0.248.62.28949 > 219.166.13.186.53: 7080 [1au] A?www.tokugawa-art-museum.jp. (55)Apr 20 05:04:28 tamgw blocklistd[23684]: processing type=1 fd=7remote=80.0.248.62:28949 msg=checkcacheacces uid=0 gid=005:04:28.686541 IP 219.166.13.186.53 > 80.0.248.62.28949: 7080*- 1/3/1 A150.60.27.115 (173)




On 2024/04/20 0:40, Christos Zoulas wrote:

The following reply was made to PR bin/58170; it has been noted by GNATS.

From: Christos Zoulas <christos%zoulas.com@localhost>
To: Robert Elz <kre%munnari.OZ.AU@localhost>
Cc: gnats-bugs%netbsd.org@localhost,
  Christos Zoulas <christos%netbsd.org@localhost>,
  netbsd-bugs%netbsd.org@localhost,
  toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Fri, 19 Apr 2024 11:38:01 -0400

  I guess the best way to find out is to turn on logging and look at the =
  log file :-)

christos> On Apr 19, 2024, at 9:38=E2=80=AFAM, Robert Elz <kre%munnari.OZ.AU@localhost> =

  wrote:
  >=20
  >    Date:        Fri, 19 Apr 2024 08:33:42 -0400
  >    From:        Christos Zoulas <christos%zoulas.com@localhost>
  >    Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
  >=20
  >  | I think we should, since the querier has no way to know that there
  >  | is an ACL preventing the query so this is not an abuse.
  >=20
  > I don't know what it takes to install the block, but the typical way
  > this would happen is if a client was using the wrong DNS server as its
  > back end.   If that's what is happening (many queries, all being sent
  > to the wrong server) then it may not be abuse, but blocking that =
  client
  > is still a reasonable thing to do.
  >=20
  > If it is just an occasional query (like someone running dig and =
  specifying
  > a particular server) then a block might be an over reaction.
  >=20
  > If the server is supposed to be handling those queries, then its =
  config
  > should be fixed to allow them.
  >=20
  > kre

References:
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: Christos Zoulas

Prev by Date: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Next by Date: Re: port-riscv/58006 (ATF tests no longer complete on riscv-riscv64)
Previous by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Next by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Indexes:

Home | Main Index | Thread Index | Old Index