Hobbit DNS queries
Darren.Cotton at ses-astra.com
Darren.Cotton at ses-astra.com
Wed Oct 3 11:14:01 CEST 2007
I've modified hobbitlaunch.cfg and bb-hosts as follows:
[bbnet]
ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
NEEDS hobbitd
CMD bbtest-net --report --ping --checkresponse --dns=ip
LOGFILE $BBSERVERLOGS/bb-network.log
INTERVAL 5m
page network1 Network Connectivity
group-compress <H3>Network Connectivity</H3>
0.0.0.0 .default. # testip
172.17.1.3 HSRP-INTERN2 #
172.17.1.2 HSRP-INTERN1 #
...
but using tcp dump I still see an excessive number of DNS queries some of
which are causing errors in my firewall
Firewall log:
Internal error: unexpected server response (UDP: 212.56.224.20
/53->212.56.225.37/10107) received
TCPDump:
10:38:52.631724 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
44021+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (44)
10:38:52.633077 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
44021 1/2/0 (112)
10:38:52.773900 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
30144+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (41)
10:38:52.775239 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
30144 NXDomain 0/1/0 (118)
10:38:52.839587 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
36245+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (42)
10:38:52.841468 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
36245 NXDomain 0/1/0 (119)
10:38:52.863323 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
56659+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (43)
10:38:52.864689 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
56659 NXDomain 0/1/0 (120)
10:38:52.884812 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
22309+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (42)
10:38:52.886169 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
22309 NXDomain 0/1/0 (119)
10:38:52.979260 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
57782+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (44)
10:38:52.982108 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
57782* 1/3/3 (194)
10:38:52.995493 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
25046+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (40)
10:38:52.996348 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
25046 NXDomain 0/1/0 (117)
10:38:53.007502 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
50164+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (44)
10:38:53.008591 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
50164 NXDomain* 0/1/0 (113)
10:38:53.120913 IP hobbit2.domain.com.33026 > dns1.domain.com.domain:
8474+ PTR? xxx.xxx.xxx.xxx.in-addr.arpa. (44)
10:38:53.122267 IP dns1.domain.com.domain > hobbit2.domain.com.33026:
8474* 1/3/3 (188)
Anyone any ideas?
DISCLAIMER:
This e-mail contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or rely on this e-mail.
More information about the Xymon
mailing list