Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 1722 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

many droppped DNS-requests from outbound IP at start

delphi99
hi,

I'm using Astaro at home. The PC is only powered on when I'm home.

My outbound interface is connected via pppoe and register itself at dyndns.

There are over 3000 dropped dns-requests to all DNS-root-Servers with over 200 packets per destination host, but only in the first minutes after start. Source is the outbound IP.

OK, it's not so bad, but I'm wondering about.

Have anyone any idea? I've some filter rules like "allow dns from any to any", but I think it's a problem with DynDNS?

Tnx Frank.


This thread was automatically locked due to age.
  • 0
    Can you show a few lines from the full log (not the live log)?

    Cheers - Bob
  • 0
    Hi Bob,
    some lines:
    ---------------------------------
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.58.128.30" proto="17" length="74" tos="0x00" prec="0x00" ttl="64" srcport="46102" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="217.79.186.148" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="34445" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="89.102.101.62" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="40974" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="198.41.0.4" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="57764" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.228.79.201" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="33696" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.33.4.12" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="28079" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="128.8.10.90" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="36696" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.203.230.10" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="52364" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.5.5.241" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="65023" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.112.36.4" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="9492" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="128.63.2.53" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="64913" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.36.148.17" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="51506" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.58.128.30" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="14630" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="217.79.186.148" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="48677" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="89.102.101.62" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="19158" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="198.41.0.4" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="42935" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.228.79.201" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="30165" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.33.4.12" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="27881" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="128.8.10.90" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="29469" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.203.230.10" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="10438" dstport="53" 
    2010:08:31-18:08:09 fshome ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" outitf="ppp0" srcip="91.39.48.177" dstip="192.5.5.241" proto="17" length="63" tos="0x00" prec="0x00" ttl="64" srcport="20211" dstport="53" 
    ------------------------
    Firmware is 7.507

    Frank
  • 0
    It's strange that Astaro would drop traffic it originated. With fwrule="60003" and id="2001" in those lines, Astaro purposely dropped traffic originating on its interface.

    I don't think it's DynDNS.  If this began only recently, then check your Intrusion Prevention log.  If it's been going on for awhile, check your DNS configuration against DNS Best Practices.   Also the DNS setup in 'Remote Access >> Advanced'.

    Please come back with the answer if you find one, or more questions!

    Cheers - bob
  • 0
    thank you, BOB for your assitance.
    it dropps only in the first seconds after system start. no remote access. ips is disabled.

    greetings Frank
  • 0 in reply to delphi99
    Hi folks,

    please describe your hardware setup.

    I think if you do a search of this forum you will find a number of threads on a the same or similar subject.
    I have been suffering the same affect for a number of version of ASG. As far as I can determine it has something to do with the multi CPU ASGs.
    A process starts before another has completed its task.

    I currently have 2 ASGs in tandem and get the same affect on both on restarts/reboots.

    Ian M
  • 0
    hi there!

    seems i got a similar problem since the last 36h. difference is, it starts dropping dns packets coming (going) from its main external ip (!?). the log also shows references to rules 60001/2 and (mostly) 60003. next is, that memory (1 gig) is maxed out, and then it starts swapping up to the point where the whole machine gets unusable because other problems step in (middleware quits working, proxys give up, and so on).

    of course i can still log in and do a controlled reboot, which helps for about another 2 hours, then things getting weird again.

    the packetfilter logfile reaches sizes in the lower gigabytes, accordingly.

    i run the 7.507 asg as a vm, whith 2 cores dedicated to it. it seems, that the problems have begun while the vm was suspended for some minutes to allow the host to be rebooted on sunday evening.

    any thoughts are welcome!

    EDIT: the more i look into it, it seems that memory consumption is the main problem. since sunday midday swap usage constantly grows to a point where services stop responding. so the dns drops may be only a symptom because they don't occur before that point...