named error messages in log file, how to fix?
zz at rockstone.com
Sun Jun 24 21:37:48 UTC 2001
> At 4:47 PM -0400 6/24/01, zz at rockstone.com wrote:
>
> > 192.168.1.61 is a Win98 machine with only TCP/IP, Client for MS
> > network and file sharing protocol/service installed.
> > And I do NOT have Samba running on this RH7.1 linux, nor
> > have port 137 to 139 open, I don't understand why the linux
> > machine attempts to talk to the Win98 with Netbios protocol
> > as indicated using port 137.
> > Any suggestions what's likely the problem and how to
> > fix it? thank you.
>
> All PCs try to talk to everything on ports 137-139. However, if
> the machine at the other end isn't speaking NetBIOS or NetBEUI, then
> they most likely won't be able to respond in a manner that PCs will
> understand.
Thanks for your reply. I had the PC using TCP/IP as the default
protocol, and I think this is not Win98's problem, but a
bind configuration problem. This Linux 7.1 box used to have
RH7.0 on it, which got hacked due to a weakness with bind 8.x(?);
later I had it upgraded to 7.1, but I am not sure if I have
cleaned up everything. It was a very similar type of hacking
to the one described at the link below:
http://www2.linuxjournal.com/articles/culture/0022.html
> Simply firewall off all access to ports 137-139 on the Linux
> server and toss all the crap packets coming from the PC to these
> ports.
>
I did have blocking in place, blocking to 53 from outsiders,
as shown in /var/log/messages:
Jun 24 17:08:24 luna kernel: Packet log: input REJECT eth1 PROTO=6 217.57.55.91:3662 luna:111 L=60 S=0x00 I=36326 F=0x4000 T=44 SYN (#116)
Jun 24 17:32:56 luna kernel: Packet log: input REJECT eth1 PROTO=6 210.207.56.2:3029 luna:53 L=60 S=0x00 I=42695 F=0x4000 T=42 SYN (#113)
> With regards to things like this in the future, you really should
> ask a Linux-specific mailing list or newsgroup -- your question has
> absolutely nothing whatsoever to do with the DNS in general, or BIND
> in particular.
Sorry if this is the wrong place; if it's not a DNS/bind issue, I won't
ask here. Thanks.
Btw, what should /etc/named.conf look like? I am trying to modify
it, and now I have it as is. Am I correct with the ACL list?
Should I get rid of the 'key' options? Thanks.
act name {
address_match_list
ip_prefix = 192.168.1.0/24
};
options {
directory "/var/named";
query-source address * port 53;
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
key "key" {
algorithm hmac-md5;
secret "rZBbPVPbJdZLzpBsTeqqWy0ITndNWqBMEPNpkUZOTHmPlawaAxIInAoGBQsw";
};
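
For comparison with the ACL block in the message above, this is an added example (not part of the original post and not a configuration from the BIND project) of how a named ACL is declared and then referenced so that it actually restricts who may query. The ACL name "lan", the allow-* lines and the placeholder secret are assumptions; 192.168.1.0/24 is the network named in the post.

```conf
// Added example, not from the original post.

// An acl statement gives a name to an address match list. The keyword
// is "acl", each element ends with a semicolon, and so does the
// statement itself. "lan" is a made-up label.
acl "lan" {
	127.0.0.1;
	192.168.1.0/24;
};

options {
	directory "/var/named";
	query-source address * port 53;

	// Defining an ACL has no effect until an option refers to it.
	allow-query     { "lan"; };   // who may send queries at all
	allow-recursion { "lan"; };   // who may use this server as a resolver
	allow-transfer  { none; };    // no zone transfers to anyone
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};

// A key statement only defines a shared secret under a name. It is
// used where another statement refers to that name.
key "key" {
	algorithm hmac-md5;
	secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, not a real secret
};
```

On BIND 9, `named-checkconf /etc/named.conf` parses the file and reports syntax errors before named is restarted.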