Re: what does syslogd want with DNS?

From: Rob van der Putten (rob_at_sput.nl)
Date: 08/14/05

• Next message: CL (dnoyeB) Gilbert: "Re: samba question"
• Previous message: Scott Lowe: "Re: Reach Mac from Linux via Rendezvous/Bonjour?"
• In reply to: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Next in thread: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Reply: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Sun, 14 Aug 2005 13:37:59 +0200

Hi there

"CL (dnoyeB) Gilbert" wrote:

> CL (dnoyeB) Gilbert wrote:
> > I am running syslogd on my RHL9 box. I noticed in my firewall that its
> > sending a load of data to 68.87.64.196:52 UDP. I thought that was
> > rather odd. I checked netstat and I get
> >
> > udp 0 0 192.168.0.202:33987 ns.inflow.pa.bo.:domain ESTABLISHED
> > 4841/syslogd
> >
> > and also
> >
> > unix 13 [] DGRAM 4276 4841/syslogd /dev/log
> >
> >
> >
> > Well a little more digging and it seems 68.87.64.196 is my DNS server :D
> >
> > I didnt know DNS was on udp though, anyway..

It does both TCP and UDP.

> > What does syslogd want
> > with DNS? Is it trying to reverse lookup the name of the servers
> > dumping data into it? If so, any way to satisfy it since these are
> > local computer addresses like 192.168.x.x.

Set up your own DNS with your ISP's DNS as forwarder.
Create both a forward and reverse zone for your lan.

> Didn't take long to figure that one out. Yes syslogd is doing reverse
> dns lookups of the IP that are trying to log to it. I put an entry in
> the /etc/hosts file and the dns over the wire went away.
>
> I wonder how many other apps are doing reverse dns lookups on my local
> IP addresses. I know ssh can take a while under certain setups. its
> probably doing it too.

Just about anything net does reverse lookups.
 

Regards,
Rob

-- 
+----------------------------------------------------------------------+
|                       Intensieve Menshouderij                        |
|                http://www.intensievemenshouderij.nl/                 |
+----------------------------------------------------------------------+

---

• Next message: CL (dnoyeB) Gilbert: "Re: samba question"
• Previous message: Scott Lowe: "Re: Reach Mac from Linux via Rendezvous/Bonjour?"
• In reply to: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Next in thread: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Reply: CL (dnoyeB) Gilbert: "Re: what does syslogd want with DNS?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: SMTP delivery failure when NIC DNS server points to router ... I learned that the router's DNS server does not listen to TCP queries. ... Configure the SMTPSVC to use UDP for DNS queries. ... (microsoft.public.inetserver.iis.smtp_nntp) RE: Help with ipfw rules to allow DNS queries through ... If a DNS reply exceeds the maximum size of a udp datagram, it will be sent using TCP so the rule is needed. ... > I have a stand alone server co-located on my employers T1 line. ... (FreeBSD-Security) Re: Windows 2003 Help ... Reconfigure the DC's as also posted in DNS NG: ... In the private ip range i would not enable the firewall between the DC's. ... 53211 TCP ... 53 TCP and UDP ... (microsoft.public.windows.server.general) Re: Usage Report show IP addr instead of computer names ... I didn't have Reverse Lookup configured for all of my subnets. ... The reverse DNS look-up is only query DNS server, ... Can you see the PTR record for the unresolved IP address, if not, please ... | the reverse lookups at 4:30, will that cause the Usage Report to identify ... (microsoft.public.windows.server.sbs) SMTP Outgoing - Connection Dropped ... Searching for Exchange external DNS settings. ... Checking TCP/UDP SOA serial number using DNS server. ... TCP test failed. ... UDP test succeeded. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)