You are not logged in.
- Topics: Active | Unanswered
#1 2024-01-09 04:02:33
- webman
- Member
- Registered: 2022-08-27
- Posts: 22
exim4 floods dns (and its log) with AAAA queries, though NO ipv6 avail
Hello!
Wondering, why my DNS log (dnsmasq) is that large and took an tcpdump.
Easy to see, that my new devuan daedalus (running in KVM) causes this,
but the root cause is not easy to find.
Now, that I have Systemtap made running, this is a snip.
stap /ops/monits/watchport53.stp
exim4[15354] sent packet to 192.168.26.254:53
exim4[15354] sent packet to 192.168.26.254:53
exim4[15364] sent packet to 192.168.26.254:53So, exim4 ist the beast - dnsmasq shows:
04:55:07 dnsmasq[236175]: 3981 192.168.99.58/35315 query[AAAA] devu5test.home.local from 192.168.26.58
04:55:07 dnsmasq[236175]: 3981 192.168.99.58/35315 config devu5test.home.local is NODATA-IPv6
04:55:07 dnsmasq[236175]: 3981 192.168.99.58/36463 query[AAAA] devu5test1kvm from 192.168.26.58
04:55:07 dnsmasq[236175]: 3981 192.168.99.58/36463 config devu5test1kvm is NODATA-IPv6The hit to this is the fact, that it queries for its own host, which
does not have any ipv6 address (disabled by kernel commandline)
and no ipv6 addresses in hosts.
The other importent problem with this is, that it makes dns-log checks a pain.
Note (later added): I've removed the ipv6 address from exim's config.
How can I stop this dirty packet flood?
Thanks,
Manfred
Last edited by webman (2024-01-09 04:26:50)
Offline
