Strange logs
Tim Frost
timfrost at xtra.co.nz
Fri Jan 6 21:21:52 UTC 2006
On Sat, 2006-01-07 at 02:26 +0530, Ashwani Jain wrote:
> Hi
>
> While checking the logs of my Hardware firewall I came across few logs
> which were strange and I could not understand the reason why such
> transactions are happening from my Linux server UBUNTU 5.10 (breezy)
> where lots of services are working like - DNS, DHCP, Samba, SVN etc.
>
> Few logs I have mentioned below:
>
> allowed from 192.168.3.1 port 32793 to 192.43.172.30 port 53 UDP(allow
> by DNS)
> allowed from 192.168.3.1 port 32793 to 192.54.112.30 port 53 UDP(allow
> by DNS)
> allowed from 192.168.3.1 port 32793 to 192.5.6.30 port 53 UDP(allow by
> DNS)
> allowed from 192.168.3.1 port 32793 to 192.41.162.30 port 53 UDP(allow
> by DNS)
> allowed from 192.168.3.1 port 32793 to 192.42.93.30 port 53 UDP(allow
> by DNS)
These are DNS queries from your host. Every time a process on the Linux
box needs DNS data that is not in your local cache, the nameserver
process needs to ask the authoritative servers for the data. The above
log entries show that process happening.
>
> If I try to do nslookup I get the following result:
>
> $ nslookup 192.41.162.30
>
> Server: 192.168.3.1
> Address: 192.168.3.1#53
>
> Non-authoritative answer:
> 30.162.41.192.in-addr.arpa name = l.gtld-servers.net.
>
> Authoritative answers can be found from:
> 162.41.192.in-addr.arpa nameserver = a2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = c2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = d2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = e2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = f2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = g2.NSTLD.COM.
> 162.41.192.in-addr.arpa nameserver = l2.NSTLD.COM.
>
> Please guide me about it. Why such transactions are happening. If I
> have to stop these then how can I do that. I also updated all the
> packages installed on my server using Synaptic.
>
> Thanks & regards
>
> Ashwani Jain
> Systems Administrator
> GISIL, 10th Floor, Tower A
> Signature Towers
> South City 1
> Gurgaon 121001
> Haryana, INDIA
> Handphone: +91-9811084143
> Fax : +91-124-5071700
> Office: +91-124-5071600 ext 202
> WEB: http://www.gisil.com
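
Added example, not part of the original thread: one way to check a firewall log in the format quoted above and confirm that outbound port-53 traffic comes only from the host running the nameserver. It assumes the resolver is 192.168.3.1 as in the post; the sample log, the second client address and the HTTP rule name are constructed.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample in the firewall's format, including wrapped entries.
SAMPLE_LOG = """\
allowed from 192.168.3.1 port 32793 to 192.43.172.30 port 53 UDP(allow
by DNS)
allowed from 192.168.3.1 port 32793 to 192.41.162.30 port 53 UDP(allow by
DNS)
allowed from 192.168.3.57 port 40112 to 203.0.113.9 port 53 UDP(allow by DNS)
allowed from 192.168.3.1 port 51514 to 198.51.100.20 port 80 TCP(allow by HTTP)
"""

Flow = namedtuple("Flow", "src sport dst dport proto rule")

FLOW_RE = re.compile(
    r"allowed from (\S+) port (\d+) to (\S+) port (\d+) (\w+)\(allow by (\w+)\)"
)

def parse_flows(text):
    """Rejoin entries the log viewer wrapped, then extract one Flow per record."""
    joined = " ".join(text.split())
    return [Flow(m[1], int(m[2]), m[3], int(m[4]), m[5], m[6])
            for m in FLOW_RE.finditer(joined)]

def audit_dns(flows, resolvers):
    """Split outbound port-53 flows into resolver lookups and everything else."""
    expected = defaultdict(set)   # resolver address -> servers it queried
    unexpected = []               # port-53 flows that bypassed the resolver
    for f in flows:
        if f.dport != 53:
            continue              # not DNS, outside the scope of this check
        if f.src in resolvers:
            expected[f.src].add(f.dst)
        else:
            unexpected.append(f)
    return {src: sorted(dsts) for src, dsts in expected.items()}, unexpected

if __name__ == "__main__":
    expected, unexpected = audit_dns(parse_flows(SAMPLE_LOG), {"192.168.3.1"})
    for src, dsts in expected.items():
        print(f"resolver {src} queried {len(dsts)} servers: {', '.join(dsts)}")
    for f in unexpected:
        print(f"REVIEW: {f.src} sent {f.proto}/53 to {f.dst}, not via the resolver")
```

Entries from the resolver address match the normal lookups described in the reply; a port-53 flow from any other internal address is the one worth a closer look.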