DNS Problems after Update to 6.314

After updating our ASG to Ver 6.314 (the one with the DNS Fix) my DNS Proxy log now grows rapidly with Messages like this...
named[7113]: too many timeouts resolving '13.237.150.90.in-addr.arpa/PTR' (in '.'?): disabling EDNS
named[7113]: unexpected RCODE (SERVFAIL) resolving '74.26.19.117.in-addr.arpa/PTR/IN': 194.25.0.68#53


I also find our Forwarding Name Server in the Packet Filter Log...
ulogd[2384]: DROP: IN=eth1 OUT= MAC=00:0f:20:6a:b8:94:00:17:e0:4c:34:08:08:00  SRC=194.25.0.52 DST=***.***.***.*** LEN=100 TOS=00 PREC=0x00 TTL=249 ID=48951 CE DF PROTO=UDP SPT=53 DPT=23391 LEN=80 

trying to reach our external IP.

Did I miss something?

I rebooted the Box, just to be sure, but it didn't help...

I also got some Portscan Warning Mails (caused by our Forwarding Name Servers), so I put them in the Portscan exclusions...

...so what's wrong??? Any Ideas???


  • The biggest contributor to named.log growth seems to be this...:
    named[5925]: too many timeouts resolving '***.***.***.***.combined-HIB.dnsiplists.completewhois.com/A' (in 'com'?): disabling EDNS

    The "completewhois.com" RBL seems to be part of this Problem:
    http://astaro.org/showthread.php?t=19597&highlight=completewhois.com

    I assume that the DNS Patch included more detailed Logging. So the "completewhois" RBL Stuff might be going on since Sept. 2007 when that List was closed.

    I can find some "completewhois" Stuff in the SpamAssassin Config File "/usr/share/spamassassin/20_dnsbl_tests.cf", but it doesn't show up in the WebAdmin.

    The Packetfilter- /Portscan-problem with our DNS Forwarders is, at least temporarily, solved by switching to OpenDNS.
  • Just to update this Topic...

    Our Reseller kicked the "completewhois" Stuff out of the SpamAssassin Config, so we don't get any new "completewhois" Lines in the named.log (there was one Day with more than 56.000 Lines)

    and it even seems to have reduced the load of the Machine slightly
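
Added example, not part of the original thread: a small Python tally of the `named` messages quoted above, grouped by zone, to show which lookups dominate named.log. The sample lines are constructed in the thread's log format using documentation addresses, and grouping by the last two labels of the query name is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (documentation IPs only).
SAMPLE_LOG = """\
named[5925]: too many timeouts resolving '10.2.0.192.combined-HIB.dnsiplists.completewhois.com/A' (in 'com'?): disabling EDNS
named[5925]: too many timeouts resolving '11.2.0.192.combined-HIB.dnsiplists.completewhois.com/A' (in 'com'?): disabling EDNS
named[5925]: too many timeouts resolving '7.100.51.198.combined-HIB.dnsiplists.completewhois.com/A' (in 'com'?): disabling EDNS
named[5925]: too many timeouts resolving '13.2.0.192.in-addr.arpa/PTR' (in '.'?): disabling EDNS
named[5925]: unexpected RCODE (SERVFAIL) resolving '74.100.51.198.in-addr.arpa/PTR/IN': 192.0.2.53#53
ulogd[2384]: DROP: IN=eth1 OUT= SRC=192.0.2.53 PROTO=UDP SPT=53 DPT=23391 LEN=80
"""

TIMEOUT_RE = re.compile(r"named\[\d+\]: too many timeouts resolving '([^'/]+)/")
RCODE_RE = re.compile(r"named\[\d+\]: unexpected RCODE \((\w+)\) resolving '([^'/]+)/")


def zone_of(qname, labels=2):
    """Reduce a query name to its last `labels` labels (assumed grouping key)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def tally(log_text):
    """Count named timeout / unexpected-RCODE messages per (zone, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = TIMEOUT_RE.search(line)
        if m:
            counts[(zone_of(m.group(1)), "timeout")] += 1
            continue
        m = RCODE_RE.search(line)
        if m:
            counts[(zone_of(m.group(2)), m.group(1))] += 1
    return counts


if __name__ == "__main__":
    # Print the noisiest zones first.
    for (zone, kind), n in tally(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {kind:<9} {zone}")
```

To run it against a real log, pass the file contents to `tally()` instead of `SAMPLE_LOG`.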