Hello list!
I have the following problem:
A machine with SuSE Linux 9.0, bind9 (local DNS with
forwarders) and Internet access over ISDN.
The machine opens a connection to the Internet every
10 minutes. Using "isdnctrl verbose 3" I found out that
the connection is triggered by a DNS query to the
configured DNS server. To track down the culprit, I enabled
logging in /etc/named.conf.
This works as well, since queries from clients on the local
network are logged to syslog. Unfortunately, the DNS
queries from the Linux machine itself are not logged,
for example when I resolve www.google with nslookup.
Is there another way to do this?
Here is my /etc/named.conf:
-----8<----snip-----8<-----
# Copyright (c) 2001-2003 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind9/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind9/misc/options.
options {
        # The directory statement defines the name server's working directory
        directory "/var/lib/named";
        # Write dump and statistics file to the log subdirectory. The
        # pathnames are relative to the chroot jail.
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";
        # The forwarders record contains a list of servers to which queries
        # should be forwarded. Enable this line and modify the IP address to
        # your provider's name server. Up to three servers may be listed.
        #forwarders { 212.62.68.34; 212.62.68.35; xxx.xxx.xxx.xxx; }; #Teleos DNS
        # Change the DNS server here!
        # Important! Only change the second entry!
        forwarders { 194.25.2.129; 145.253.2.196; };
        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.
        forward only;
        # The listen-on record contains a list of local network interfaces to
        # listen on. Optionally the port can be specified. Default is to
        # listen on all interfaces found on your system. The default port is
        # 53.
        listen-on port 53 { any; };
        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces. Allowed values are 'any' and 'none' or a list of
        # addresses.
        #listen-on-v6 { any; };
        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.
        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;
        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        #allow-query { 127.0.0.1; };
        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed. Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.
        cleaning-interval 120;
        sortlist {
                { localhost; localnets; };
                { localnets; };
        };
        notify no;
};
# To configure named's logging remove the leading '#' characters of the
# following examples.
logging {
        # Log queries to a file limited to a size of 100 MB.
        channel query_logging {
                file "/var/log/named_querylog"
                        versions 3 size 100M;
                print-time yes; // timestamp log entries
        };
        category queries {
                query_logging;
        };
        # Or log this kind alternatively to syslog.
        channel syslog_queries {
                syslog user;
                severity info;
        };
        category queries { syslog_queries; };
        # Log general name server errors to syslog.
        channel syslog_errors {
                syslog user;
                severity error;
        };
        category default { syslog_errors; };
        # Don't log lame server messages.
        category lame-servers { null; };
};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
        type hint;
        file "root.hint";
};
zone "localhost" in {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
        allow-update { none; };
};
zone "bethel.de" {
        type master;
        file "bethel.zone";
};
zone "101.168.192.inn-addr.arpa" in {
        type master;
        file "bethel.rev";
};
# Include the meta include file generated by SuSEconfig.named. This includes
# all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
#include "/etc/named.conf.include";
# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SuSE for more details.
-----8<----snap-----8<-----
Kind regards,
Carsten Niemeyer
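
Added example, not part of the original post: for queries that do reach the query log configured above (/var/log/named_querylog with print-time yes), this script reports which client and name recur in the 10-minute rhythm described. The log line shape is an assumption and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed line shape for a BIND 9 file channel with "print-time yes":
#   26-Feb-2004 10:00:02.113 client 192.168.101.7#1031: query: name IN A
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) ")

# Constructed sample lines (not taken from the original post).
SAMPLE_LOG = """\
26-Feb-2004 10:00:02.113 client 192.168.101.7#1031: query: time.example.org IN A
26-Feb-2004 10:03:40.250 client 192.168.101.9#1040: query: www.example.com IN A
26-Feb-2004 10:10:01.870 client 192.168.101.7#1032: query: time.example.org IN A
26-Feb-2004 10:14:12.004 client 192.168.101.9#1041: query: mail.example.com IN MX
26-Feb-2004 10:20:03.412 client 192.168.101.7#1033: query: time.example.org IN A
26-Feb-2004 10:30:02.090 client 192.168.101.7#1034: query: time.example.org IN A
"""

def periodic_queries(log_text, period_s=600, tolerance_s=30, min_hits=3):
    """Return {(client_ip, name): [gaps in seconds]} for every client/name
    pair seen at least min_hits times with all gaps within tolerance_s
    of period_s."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query entry (or a different log format)
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
        seen[(m.group("ip"), m.group("name").lower())].append(ts)
    hits = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and all(
                abs(g - period_s) <= tolerance_s for g in gaps):
            hits[key] = gaps
    return hits

if __name__ == "__main__":
    for (ip, name), gaps in periodic_queries(SAMPLE_LOG).items():
        print(f"{ip} asks for {name} every ~{sum(gaps) / len(gaps):.0f}s")
```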