But, the last few days, I start to obeserve entries, like these :- __________________________________________________________ Oct 29 22:09:07 AIG kernel: Packet log: input DENY ppp0 PROTO=17 194.219.151.161:53 194.219.247.130:53 L=52 S=0x00 I=21648 F=0x0000 T=122 (#32)
Oct 29 22:11:07 AIG kernel: Packet log: input DENY ppp0 PROTO=17 194.219.151.161:53 194.219.247.130:53 L=52 S=0x00 I=22928 F=0x0000 T=122 (#32)
Those are UDP packets, port 53 both ways, from a nameserver (this one is
at least responsible for the zone patrascc.gr). Nothinig unusual actually,
only that the source _and_ destination port for these packets is 53.
I'd guess that you are/were ppp9.aig.forthnet.gr (194.219.247.130) and
that you have a caching dns running, configured to use port 53 as the
source port for the packets that are being sent as requests. It might be
advisable to set this (local) port in bind8's configuration to something
above port 1024 to just not cause any trouble like readability of logs. If
I remember correctly, bind must run as root because the sockets won't be
reused but recreated which requires root privs each time. But I may be
wrong...
Thanks,
Roman.
--
- -
| Roman Drahtmüller