Re: [leaf-user] udp masq entry and dns abuse
Please tell us a bit more.

1. What version of LEAF is involved?

2. How many clients are involved? (Without that information, how can anyone answer the question you ask: is it because there are too many clients in my internal network?) What is the volume of DNS lookup activity on the system?

3. When you stop dnscachex, how are the internal clients resolving off-LAN names?

4. Am I correct in reading the diagram you posted as saying that the internal subnets connect to eth1 on the RH host? Then they use the RH host as some sort of router (NAT'ing?) to reach the LEAF router?

5. Finally, am I correct in assuming that there is an actual problem with DNS, not just a lot of messages in the LEAF router's logs? If not, why not just ignore the log messages?

Luis' suggestion -- that you run dnscache on the LEAF router, not the RH host -- should work for the reason he says. But it assumes that the LEAF router has sufficient memory to store the cache (and enough CPU to do the work, though missing that is unlikely).

An alternative ... at least for some versions of LEAF ... is to change the MASQ timeouts so idle connections terminate more quickly. Getting this timing right is especially important for UDP, since they don't terminate explicitly, as TCP connections (often) do.

I suspect you would do better to understand what is causing the problem before you try to fix it. A DNS cache on-LAN should serve to reduce DNS traffic (since many responses will be cached) below what would occur if the various LAN clients were doing individual DNS queries to off-LAN nameservers. For you to see a MASQ problem involving this setup, you would almost surely have to

A. be doing a very high volume of Internet activity to different FQNs (so the cache doesn't reduce query volume effectively).
B. have comparatively long MASQ timeouts set, so connections do not expire promptly.
C. possibly, have dnscachex set up improperly, so it does not cache as much as it should.
At 06:59 PM 2/16/2004 -0800, greg gede wrote:
> Lately I'm having a problem with UDP masq entries in my internet leaf-router, with a lot of messages like this:
>
> IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)
>
> Here's what my network looks like:
>
>                  ---------------        -----------------------
>     to           | leaf-router |        | RH9 squid dnscachex |
>  internet -------|eth0     eth1|--|HUB|--|eth0             eth1|
>                  ---------------        -----------------------
>                                                     |
>                                                  |switch|
>                                             |       |       |
>                                         subnet A  subnet B  subnet C
>
> Every time I stop dnscachex, the messages also stop. Am I having DNS abuse from my internal network? Or is it because there are too many clients in my internal network? How do I deal with it?

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] udp masq entry and dns abuse
greg gede wrote:
> Lately I'm having a problem with UDP masq entries in my internet leaf-router, with a lot of messages like this:
>
> IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)

Just like Luis and Ray I will also be doing some guessing. It seems that you have had this problem earlier, according to the mail archive - http://sourceforge.net/mailarchive/forum.php?thread_id=3802081&forum_id=5483 - which assumes you are still using the Dachstein CD. It's mentioned in the docs that you should increase the cache to more than its default size of 1 Meg if you are running a large network:

http://leaf.sourceforge.net/devel/cstein/Packages/dnscache.htm (Nr.6)

> Here's what my network looks like:
>
>                  ---------------        -----------------------
>     to           | leaf-router |        | RH9 squid dnscachex |
>  internet -------|eth0     eth1|--|HUB|--|eth0             eth1|
>                  ---------------        -----------------------
>                                                     |
>                                                  |switch|
>                                             |       |       |
>                                         subnet A  subnet B  subnet C
>
> Every time I stop dnscachex, the messages also stop. Am I having DNS abuse from my internal network? Or is it because there are too many clients in my internal network? How do I deal with it?

As Luis and Ray have already mentioned, dnscachex should not be running on the RH9 box but only on the LEAF router, since it is designed as an external cache service. It can be done, yes, but it can get to be quite tricky to administer for a large network. If you have dnscache already running on the LEAF box, just disable the dnscachex service on RH9:

http://cr.yp.to/daemontools/faq/create.html#remove

The documentation at Mr. Bernstein's site is quite straightforward and easy to grasp if DNS issues seem to be confusing at times...

http://cr.yp.to/djbdns.html

-- 
Patrick Benson
Stockholm, Sweden
RE: [leaf-user] udp masq entry and dns abuse
My uneducated guess is that with this setup, every dnscache query to the DNS servers also counts as a NAT connection. You should move dnscache to your leaf-router to avoid this. Also, with this setup, you have in fact double NAT. Web caching is possible using only one eth on your RH9 box. But again, these are only my 0.02 EUR cents ;)

Luis Correia
Bering uClibc Team Member
PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6
Key Server: http://pgp.mit.edu

-----Original Message-----
From: greg gede [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 17, 2004 2:59 AM
To: leaf-user; milis securityfocus
Subject: [leaf-user] udp masq entry and dns abuse

Lately I'm having a problem with UDP masq entries in my internet leaf-router, with a lot of messages like this:

IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)

Here's what my network looks like:

                  ---------------        -----------------------
     to           | leaf-router |        | RH9 squid dnscachex |
  internet -------|eth0     eth1|--|HUB|--|eth0             eth1|
                  ---------------        -----------------------
                                                     |
                                                  |switch|
                                             |       |       |
                                         subnet A  subnet B  subnet C

Every time I stop dnscachex, the messages also stop. Am I having DNS abuse from my internal network? Or is it because there are too many clients in my internal network? How do I deal with it?

Any suggestion will be very appreciated.

regards,
gregor
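An added example (not code from this thread, nor from the LEAF or djbdns projects) that models what Ray and Luis describe: a forwarded UDP query occupies one masq entry until its idle timeout expires, so peak occupancy is roughly forwarded-queries-per-second times the UDP timeout, and a cache on the LAN helps only to the extent of its hit ratio. The script also counts the kernel message quoted in the thread per protocol from a syslog excerpt. The log lines, host name, timestamps, table size and query rates are constructed; the rate x timeout estimate is a general rule the thread only implies; and the simulation is a deliberate simplification (constant miss rate, every miss a fresh flow, entries freed exactly at timeout, integer-millisecond clock).

```python
"""Model of the UDP masquerade table exhaustion discussed in this thread.

Every UDP DNS query that leaves the LAN through the masquerading router
takes one masq-table entry.  UDP has no FIN, so the router can only free
the entry when its idle timeout runs out.  Peak table occupancy is
therefore roughly (queries forwarded per second) x (UDP timeout).  A
resolver cache lowers the forwarded rate by its hit ratio; a shorter
timeout lowers the lifetime of each entry.
"""
import re
from collections import Counter, deque

# Constructed syslog excerpt (host name and timestamps invented) containing
# the kernel message quoted in the thread, plus one unrelated line.
SAMPLE_LOG = """\
Feb 17 02:55:01 leaf kernel: IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)
Feb 17 02:55:01 leaf kernel: IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)
Feb 17 02:55:03 leaf kernel: IP_MASQ:ip_masq_new(proto=TCP): could not get free masq entry (free=36864)
Feb 17 02:55:04 leaf kernel: eth0: link up
"""

MASQ_FAIL_RE = re.compile(
    r"ip_masq_new\(proto=(?P<proto>[A-Z]+)\): could not get free masq entry")


def count_masq_failures(log_text):
    """Count 'could not get free masq entry' messages per protocol."""
    counts = Counter()
    for line in log_text.splitlines():
        match = MASQ_FAIL_RE.search(line)
        if match:
            counts[match.group("proto")] += 1
    return dict(counts)


def expected_occupancy(lookups_per_sec, cache_hit_ratio, udp_timeout_s):
    """Steady-state estimate of masq entries held by DNS traffic alone."""
    return lookups_per_sec * (1.0 - cache_hit_ratio) * udp_timeout_s


def simulate_masq_table(lookups_per_sec, cache_hit_ratio, udp_timeout_s,
                        table_size, duration_s):
    """Discrete simulation of a fixed-size masq table under DNS load.

    Assumptions of this example: cache misses leave the LAN at a constant
    rate, every miss is a fresh UDP flow, an entry is released exactly when
    its idle timeout expires, and the table holds at most `table_size`
    entries.  Time is kept in integer milliseconds.  Returns the number of
    forwarded queries, the peak occupancy and the number of allocations
    that failed (the kernel's "could not get free masq entry").
    """
    miss_per_sec = lookups_per_sec * (1.0 - cache_hit_ratio)
    if miss_per_sec <= 0:
        return {"forwarded": 0, "peak_entries": 0, "failed": 0}
    interval_ms = max(1, round(1000 / miss_per_sec))
    timeout_ms = udp_timeout_s * 1000
    active = deque()          # expiry times in ms, oldest first
    peak = failed = forwarded = 0
    for now_ms in range(0, duration_s * 1000, interval_ms):
        while active and active[0] <= now_ms:   # reap idle-expired entries
            active.popleft()
        forwarded += 1
        if len(active) >= table_size:
            failed += 1                          # no free masq entry
        else:
            active.append(now_ms + timeout_ms)
            peak = max(peak, len(active))
    return {"forwarded": forwarded, "peak_entries": peak, "failed": failed}


if __name__ == "__main__":
    print("masq failures in sample log:", count_masq_failures(SAMPLE_LOG))
    scenarios = [
        # (label, lookups/s reaching the cache, cache hit ratio, UDP timeout s)
        ("no cache hits, 5 min timeout", 100, 0.0, 300),
        ("no cache hits, 30 s timeout", 100, 0.0, 30),
        ("80% cache hits, 5 min timeout", 100, 0.8, 300),
    ]
    for label, rate, hit, timeout in scenarios:
        result = simulate_masq_table(rate, hit, timeout,
                                     table_size=4096, duration_s=600)
        print(f"{label}: estimate={expected_occupancy(rate, hit, timeout):.0f} "
              f"peak={result['peak_entries']} failed={result['failed']}")
```

Run as a script it prints the three scenarios side by side: with a five-minute UDP timeout the table fills and allocations fail whether or not the cache hits 80% of lookups, while the thirty-second timeout keeps occupancy well under the table size at the same query rate, which is Ray's point B. Compare the kernel message counts from the log counter against the simulated failure counts when sizing timeouts for a real LAN.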
[leaf-user] udp masq entry and dns abuse
Lately I'm having a problem with UDP masq entries in my internet leaf-router, with a lot of messages like this:

IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)

Here's what my network looks like:

                  ---------------        -----------------------
     to           | leaf-router |        | RH9 squid dnscachex |
  internet -------|eth0     eth1|--|HUB|--|eth0             eth1|
                  ---------------        -----------------------
                                                     |
                                                  |switch|
                                             |       |       |
                                         subnet A  subnet B  subnet C

Every time I stop dnscachex, the messages also stop. Am I having DNS abuse from my internal network? Or is it because there are too many clients in my internal network? How do I deal with it?

Any suggestion will be very appreciated.

regards,
gregor