Mark Andrews wrote:
In message <497caef2.80...@yahoo.com>, Andre LeClaire writes:
Hello everyone,
I've been seeing these syslog messages for about a week on a FreeBSD
server running BIND 9.4.3-P1:
Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 03:43:32 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 04:49:59 asimov named[145]: client 206.71.158.30#139: error
sending response: permission denied
Jan 25 05:15:40 asimov named[145]: client 66.230.160.1#139: error
sending response: permission denied
Jan 25 07:45:11 asimov named[145]: client 206.71.158.30#139: error
sending response: permission denied
Jan 25 07:56:26 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 08:10:29 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 08:54:34 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 09:16:41 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 10:03:51 asimov named[145]: client 206.71.158.30#445: error
sending response: permission denied
Ports 135-139 and 445 are denied by the firewall on the outside
interface.
Why do you care about what port you are sending to? Just
allow named to send its replies.
Ports 135-139 and 445 are blocked on the outside interface to protect
the Windows networks on the inside, which use those ports, from the
savage Internet.
Are you saying that it's normal for named to send replies on those ports?
Also, the server has been up for over 3 years with no problems, and
these errors just started happening last week.
Andre
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users