named error messages in log file, how to fix?

zz at rockstone.com zz at rockstone.com
Sun Jun 24 23:33:31 UTC 2001 

> On Sun, 24 Jun 2001 zz at rockstone.com wrote:
> 
> > 
> > > At 4:47 PM -0400 6/24/01, zz at rockstone.com wrote:
> > > 
> > > >  192.168.1.61 is a Win98 machine with only TCP/IP,Client for MS
> > > >  network and file sharing protocol/service installed.
> > > >  And I do NOT have Samba running on this RH7.1 linux, nor
> > > >  have port 137 to 139 open, I don't understand why the linux
> > > >  machine attempts to talk to the Win98 with Netbios protocol
> > > >  as indicated using port 137.
> > > >  Any suggestions what's likely the problem and how to
> > > >  fix it?  thank you.
> > > 
> > > 	All PCs try to talk to everything on ports 137-139.  However, if 
> > > the machine at the other end isn't speaking NetBIOS or NetBEUI, then 
> > > they most likely won't be able to respond in a manner that PCs will 
> > > understand.
> > 
> > thanks for your reply, I had the PC using tcp ip as default 
> > protocol, and I think this is not Win98's problem, but 
> > bind configuraiton problem. 
> 
> ??????
> 
> Win98 sends a query from source port 137 (netbios-ns) to destination
> port 53 (domain).
> 
> Named answers the query from source port 53 (domain) to destination port
> 137 (netbios-ns).
> 
> Named can not send the packet to destination port 137.
> 
> Named logs messages stating the above.
> 
> This is windows sending a query while denying the query-response (or due
> to some firewall).
> 
> Make it accept the response, or make it not sending the query.
> 
> Your problem is not caused by BIND configuration, no matter how severe
> your RH box was hacked.

  The Win98 machine was configured that it solely rely on the RH 7.1
  linux box for DNS, i.e. it has only ONE dns server entered: 
  192.168.1.254, and the fact that Win98 can do browsing, ping, telnet,
  etc to any outside Internet hosts, indicates the Linux as 
  cache DNS server works ok for Win98 client. bind seems able to pass
  querey packets to Win98 machine. 

  If it is true Linux box won't be able to send resolve reply to port 137
  of the Win98 box, then the Win98 box wouldn't be able to browse Internet
  at all. And this error messages in the log is not that frequent, only
  few seconds to few minutes, and sometimes over 15min there is no error.
  It appears this happens only when request a new domain name, as observe
  a lagging on the Win98.   And usually in 10-15min, such error get
  logged on the Linux box.
  I am wondering if there is any mechanism or mis-configuration possibility.
  
  If it is a firewall or ipchains blocking, then the Win98 wouldn't be
  able to resolve any Internet host, right? 
  thank you.

More information about the bind-users mailing list