Koozali.org: home of the SME Server

Daily DNS ?

John Crisp

Daily DNS ?
« on: January 14, 2003, 02:44:01 PM »
Hi,

Been having a bit of trouble trying to track down the following problem on a patched V5.1.2 server.

Every day at the same time I get a trigger which brings up the dialup line. I am trying to see where it comes from to eliminate it, as the server then does a mail run which I don’t want to happen. I don’t get any other triggers after work – only this one at 4am.

Can anyone give me any pointers as to what the cause may be and how to resolve it? I don’t get any other triggers overnight, just the one at the same time every day.

Times are GMT.

Having looked in /home/dns/var/named/named.ca I can see that the IPs are all root server IPs – so why is the server looking these up ?



Jan 14 04:02:03 wingate diald[4336]: Trigger: udp      192.168.42.1/1025       128.9.0.107/53

Jan 13 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53

Jan 12 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53

Jan 11 04:02:02 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53

Jan 10 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53  

Jan  9 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025    192.203.230.10/53

Jan  8 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.9.0.107/53

Dec 21 04:02:03 wingate diald[916]: Trigger: udp      192.168.42.1/1025      193.0.14.129/53

Dec 18 04:02:03 wingate diald[2038]: Trigger: udp      192.168.42.1/1025    192.203.230.10/53

Dec 16 04:02:02 wingate diald[916]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53

Dec 15 04:02:03 wingate diald[916]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53


A daytime one :

Dec 17 13:45:20 wingate diald[2038]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53

Don’t understand this one – why are the IPs reversed ?

Dec 20 04:06:54 wingate diald[916]: Trigger: udp       128.8.10.90/53        192.168.42.1/1025

Any help or thoughts are appreciated.

B. Rgds
John
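Added example, not part of the original thread: one way to triage diald trigger lines like those quoted in the post above is to group them by time of day and by direction, so a trigger that recurs at the same minute on several dates stands out from one-off traffic. The function names and the `min_days` threshold are assumptions made for this sketch; the sample lines are copied from the post. A packet whose source port is 53 is a reply arriving from a DNS server, and one whose destination port is 53 is a query sent by the server itself.

```python
import re
from collections import defaultdict

# Sample input: a few of the diald lines quoted in the post above.
SAMPLE_LOG = """\
Jan 14 04:02:03 wingate diald[4336]: Trigger: udp      192.168.42.1/1025       128.9.0.107/53
Jan 13 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53
Jan 12 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53
Jan  9 04:02:03 wingate diald[21737]: Trigger: udp      192.168.42.1/1025    192.203.230.10/53
Dec 17 13:45:20 wingate diald[2038]: Trigger: udp      192.168.42.1/1025       128.8.10.90/53
Dec 20 04:06:54 wingate diald[916]: Trigger: udp       128.8.10.90/53        192.168.42.1/1025
"""

TRIGGER_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hh>\d{2}):(?P<mm>\d{2}):\d{2}\s+\S+\s+"
    r"diald\[\d+\]:\s+Trigger:\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)/(?P<sport>\d+)\s+(?P<dst>[\d.]+)/(?P<dport>\d+)\s*$"
)

def parse_triggers(text):
    """Yield one dict per diald Trigger line; any other line is skipped."""
    for line in text.splitlines():
        m = TRIGGER_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # dport 53: query sent by this host; sport 53: reply from a DNS server.
        rec["kind"] = ("query" if rec["dport"] == "53"
                       else "reply" if rec["sport"] == "53" else "other")
        yield rec

def recurring_slots(text, min_days=3):
    """Return {(HH:MM, kind): sorted remote IPs} for slots seen on >= min_days dates."""
    days = defaultdict(set)   # slot -> set of (month, day) on which it fired
    peers = defaultdict(set)  # slot -> remote addresses involved
    for r in parse_triggers(text):
        slot = (f"{r['hh']}:{r['mm']}", r["kind"])
        days[slot].add((r["mon"], r["day"]))
        peers[slot].add(r["src"] if r["kind"] == "reply" else r["dst"])
    return {s: sorted(peers[s]) for s in days if len(days[s]) >= min_days}

if __name__ == "__main__":
    for (slot, kind), ips in recurring_slots(SAMPLE_LOG).items():
        print(slot, kind, ips)
```

The minute it reports can then be compared with whatever is scheduled on the server at that time; where to look next is an assumption of this note, not something the thread establishes.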

John Crisp

Re: Daily DNS ?
« Reply #1 on: January 14, 2003, 03:18:37 PM »
Also found the following in my logs. Any relation ?

Jan  8 08:59:11 wingate named[1560]: check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records
Jan 13 10:36:26 wingate named[1610]: hint zone "" (IN) loaded (serial 0)
Jan 13 10:36:38 wingate named[1610]: check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records
Jan 14 09:11:17 wingate named[1612]: hint zone "" (IN) loaded (serial 0)
Jan 14 09:11:25 wingate named[1612]: check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records


Jan 14 09:26:53 wingate identd[1879]: missing parameter in /etc/identd.masq: #------------------------------------------------------------
Jan 14 09:26:53 wingate identd[1879]: Returned: 61005 , 21 : NO-USER


B. Rgds
John

Filippo Carletti

Re: Daily DNS ?
« Reply #2 on: January 14, 2003, 07:05:52 PM »
J.ROOT-SERVERS.NET changed address last September (or October).
No need to worry about that, or you could update the hints file.

I suggest that you enable query logging in named:
kill -WINCH

John Crisp

Re: Daily DNS ?
« Reply #3 on: January 14, 2003, 08:34:09 PM »
Hi Filippo,

Thanks for the reply.

Can you explain the kill -WINCH command ? I had a look online but couldn't see a reference to it. And how do you 'undo' the logging ?

I have manually updated the named.ca file with the new IP. I'll have a look in the morning and see what has happened.

B. Rgds
John

dave

Re: Daily DNS ?
« Reply #4 on: January 14, 2003, 11:17:00 PM »
I don't know if it makes a difference or not, I have a Win2K box set up to automatically download updates from MS's site and my logs show sometime after midnight this server connects to MS to check for updates.

Any MS PC that's configured to automatically download updates and is left on overnight will attempt to make this connection.

Just a thought....

John Crisp

Re: Daily DNS ?
« Reply #5 on: January 15, 2003, 02:48:04 PM »
Hmm.

Dave, thanks for your thoughts. At night I have one Windoze 98 PC running for faxing, but I don't think this is the culprit. I can down or disconnect it to tell for sure.

It seems that there is nothing much transmitted at the connection - a few bytes only - see below for last night's ones.

The date this started was around the beginning of December, although that may be nothing to do with it.

One thing I have noted is that the IP that is being called seems mainly to be d.root-servers.net which is the 128.8.10.90 IP.

If I try to ping this IP I get nothing back, whereas I do from the other NS.

Hmm.

B. Rgds
John


Jan 15 04:02:03 wingate diald[916]: Trigger: udp      192.168.42.1/1025     192.36.148.17/53
Jan 15 04:02:41 wingate pppd[3257]: Connection terminated.
Jan 15 04:02:41 wingate pppd[3257]: Connect time 0.6 minutes.
Jan 15 04:02:41 wingate pppd[3257]: Sent 377 bytes, received 662 bytes.

Jan 15 04:03:11 wingate diald[916]: Trigger: udp       128.8.10.90/53        192.168.42.1/1025
Jan 15 04:03:47 wingate pppd[3306]: Connect time 0.6 minutes.
Jan 15 04:03:47 wingate pppd[3306]: Sent 315 bytes, received 527 bytes.

John Morrissey

Re: Daily DNS ?
« Reply #6 on: January 30, 2003, 05:09:13 PM »
ID for your mystery IP responds with the name "d.root-servers.net" - registrant appears to be Verisign/Network Solutions, see below for details.

Is there a machine/program trying to update security certificates?

The location is listed as University of Maryland. That indicates it's part of the original foundation of commercial Internet.

Hope this helps.


John Crisp wrote:

> If I try to ping this IP I get nothing back, whereas I do
> from the other NS.

Registrant:
VERISIGN GLOBAL REGISTRY SERVICES (ROOT-SERVERS-DOM)
   21345 Ridgetop Circle
   Dulles, VA 20166
   US

   Domain Name: ROOT-SERVERS.NET

   Administrative Contact:
      Internet Assigned Numbers Authority  (IANA)  iana@IANA.ORG
      4676 Admiralty Way, Suite 330
      Marina del Rey, CA 90292
      US
      310-823-9358
      Fax- 310-823-8649
   Technical Contact:
      VeriSign Global Registry Services  (REGISTRY)  rcc@verisign.com
      VeriSign Global Registry Services
      21345 Ridgetop Circle
      Dulles, VA 20166
      US
      703-948-7064 fax: 703-421-6703

   Record expires on 05-Jul-2005.
   Record created on 04-Jul-1995.
   Database last updated on 30-Jan-2003 08:40:32 EST.

   Domain servers in listed order:

   A.ROOT-SERVERS.NET           198.41.0.4
   F.ROOT-SERVERS.NET           192.5.5.241
   J.ROOT-SERVERS.NET           198.41.0.10