On Sun, 22 Jul 2001, Sean Roe wrote:

> Hi all,
>
> I have been experimenting with freesco http://www.freesco.org (FREE ciSCO)
> router distro as a replacement for Linux Router Project. I have a DNS Server
> set up behind the firewall servicing port 53 requests.
>
> I have Freesco up and running and all is well except for DNS. I have a DNS
> server behind it and I have ports 53 udp and tcp passed through to it. I
> keep getting these errors:
>
> Jul 21 18:47:21 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:36 - last message repeated 4 times
> Jul 21 18:47:36 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=69 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:44 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:56 - last message repeated 4 times
> Jul 21 18:47:58 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:48:00 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:48:25 - last message repeated 4 times
> Jul 21 18:48:27 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 19:04:20 - kernel: IP fw-in rej eth0 UDP 151.203.0.85:44947
> 206.165.207.198:53 L=64 S=0x00 I=61649 F=0x0040 T=245
>

Did you say that you had DNS running and that it was working correctly? How is named.conf set up? Do you allow outside access to your DNS service for a DMZ? If outside access is not allowed for DNS and the port is blocked but it still works from the inside for caching etc. then don't worry about it - I would suspect that you also have lookup problems if there is *no* access to DNS, e.g. the reply. If that is the case then set your router rules to allow udp from port 53 coming in.
Otherwise there were a few really nasty bugs in BIND that you should have patched up to the current version for.

Patrick

>
> My question is what causes these? Is it a hack attempt?
>
> Sean
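
Added example, not part of the original thread: a small Python parser for kernel log lines in the format quoted above. It tallies rejected packets per source, folds in syslog's "last message repeated N times" lines, and separates packets addressed to port 53 (queries to the DNS server) from packets sent from port 53 (replies to outbound lookups). The sample log is constructed with documentation addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log lines quoted above
# (addresses are documentation ranges, not the poster's).
SAMPLE_LOG = """\
Jul 21 18:47:21 - kernel: IP fw-in rej eth0 UDP 192.0.2.10:11415 198.51.100.5:53 L=58 S=0x00 I=0 F=0x0040 T=51
Jul 21 18:47:36 - last message repeated 4 times
Jul 21 18:47:36 - kernel: IP fw-in rej eth0 UDP 192.0.2.10:12057 198.51.100.5:53 L=69 S=0x00 I=0 F=0x0040 T=51
Jul 21 18:48:02 - kernel: IP fw-in rej eth0 UDP 203.0.113.7:53 198.51.100.5:1027 L=120 S=0x00 I=0 F=0x0040 T=51
"""

PKT = re.compile(
    r"kernel: IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
REPEAT = re.compile(r"last message repeated (\d+) times")


def classify(sport, dport):
    """Label DNS traffic direction from the port pair."""
    if dport == 53:
        return "query-to-server"    # an outside host asking the DNS server
    if sport == 53:
        return "reply-to-resolver"  # an answer to a lookup sent from inside
    return "other"


def summarize(log_text):
    """Count rejected packets per (source, kind), expanding repeat lines."""
    counts = Counter()
    last_key = None  # key of the immediately preceding reject line, if any
    for line in log_text.splitlines():
        m = PKT.search(line)
        r = REPEAT.search(line)
        if m and m["action"] == "rej":
            last_key = (m["src"], classify(int(m["sport"]), int(m["dport"])))
            counts[last_key] += 1
        elif r and last_key is not None:
            counts[last_key] += int(r.group(1))  # repeats of the previous line
        else:
            last_key = None  # unrelated line: a later repeat is not ours
    return counts


if __name__ == "__main__":
    for (src, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src:15s}  {kind}")
```
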