I have recently converted my Firewall from RedHat 7.3 to SuSE 9.0 I also have a caching DNS server on teh firewall. I used the standard setup for named and I just added the DNS servers of my ISP as forwarders in the /etc/named.conf My firewall is set up to only allow outgoing DNS queries to the servers listed in root.hints and the two forwarders. The DNS works fine, but it is constantly trying to send queries to servers that is unknown to me. THe firewall blocks it: Jan 7 22:27:58 geriatrix kernel: RULE Catch_All - DENY IN= OUT=ippp0 SRC=155.239.147.207 DST=209.208.0.96 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=30236 DF PROTO=UDP SPT=53 DPT=53 LEN=55 Jan 7 22:28:00 geriatrix kernel: RULE Catch_All - DENY IN= OUT=ippp0 SRC=155.239.147.207 DST=62.58.50.220 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=30314 DF PROTO=UDP SPT=53 DPT=53 LEN=53 Jan 7 22:28:00 geriatrix kernel: RULE Catch_All - DENY IN= OUT=ippp0 SRC=155.239.147.207 DST=192.42.93.30 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=30315 DF PROTO=UDP SPT=53 DPT=53 LEN=61 Jan 7 22:28:00 geriatrix kernel: RULE Catch_All - DENY IN= OUT=ippp0 SRC=155.239.147.207 DST=192.42.93.30 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=30317 DF PROTO=UDP SPT=53 DPT=53 LEN=60 Jan 7 22:28:00 geriatrix kernel: RULE Catch_All - DENY IN= OUT=ippp0 SRC=155.239.147.207 DST=209.208.0.97 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=30318 DF PROTO=UDP SPT=53 DPT=53 LEN=55 Why is named trying to access those servers? The way i understand, it should only use the root servers and the forwarders. I cannot find these IP adresses anywhere in something that looks like named config. Any ideas? Thanks -- Andre Truter Software Engineer Registered Linux user #185282 ICQ #40935899 AIM: trusoftzaf http://www.trusoft.za.net ~ A dinosaur is a salamander designed to Mil Spec ~
participants (1)
-
Andre Truter