Sean Burford
2002-May-14 20:13 UTC
rsync 2.5.1 error message reverse name lookup mismatch on fd5
Hi,
I am receiving "reverse name lookup mismatch" errors on one of our
rsync
servers. The clients address is both forward and reverse resolvable.
The server is a RedHat 6.2 machine running rsync 2.5.1 and the clients
are Redhat 7.2 machines running rsync 2.5.1. Both the server and the
clients have free disk space and inodes. The server was started by root
as "/usr/local/bin/rsync --daemon".
The server is configured to only allow connections from certain IP
addresses with "hosts allow=" in the rsyncd.conf file. It does not
accept host names in this config line, rejecting such clients with
"access denied to mrtg from unknown".
The clients command line is: rsync-2.5.1/rsync -vz
rsync://rsync@old-kennedia.services.adelaide.edu.au/mrtg/*
/var/www/html/mrtg-data/
When a client connects, tcpdump shows that the rsync server queries the
name server with "120.46.127.129.in-addr.arpa" and gets a PTR back for
"gum.its.adelaide.edu.au". It then tries IPv6 address queries on the
following addresses (based on /etc/resolv.conf) and fails. Next it
tries an IPv4 address query on "gum.its.adelaide.edu.au" and gets the
address 129.127.46.120. Finally it queries
"120.46.127.129.in-addr.arpa." and gets a pointer to
"gum.its.adelaide.edu.au.". A tcpdump of this is included below.
The server then records:
May 15 12:09:08 old-kennedia rsyncd[2867]: rsync: reverse name lookup
mismatch on fd5 - spoofed address?
and the client:
rsync: read error: Connection reset by peer
rsync error: error in rsync protocol data stream (code 12) at io.c(151)
One of the clients is 129.127.46.120 (gum.its.adelaide.edu.au). The
other is 129.127.43.11 (kennedia.services.adelaide.edu.au).
Any ideas as to what is misconfigured?
The servers rsyncd.conf is:
# motd file = /etc/motd.rsync
pid file = /var/run/rsyncd.pid
# log file = /var/log/rsync.log
syslog facility = local5
# socket options uid = root
gid = root
[mrtg]
path = /home/sburfo01/mrtg/work/
use chroot = true
max connections = 5
read only = true
list = false
auth users = rsync
secrets file = /etc/rsyncd.secrets
strict modes = true
hosts allow = gum.its.adelaide.edu.au
kennedia.services.adelaide.edu.au 129.127.43.11 129.127.46.120
transfer logging = false
comment = whole home area (approx 20 MB)
--
Sean Burford
12:09:08.381162 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3982+ PTR? 120.46.127.129.in-addr.arpa. [|domain] (ttl 64, id 26760, len
73)
12:09:08.383331 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3982* q: PTR? 120.46.127.129.in-addr.arpa. 1/9/9
120.46.127.129.in-addr.arpa. PTR gum.its.adelaide.edu.au. ns:
127.129.in-addr.arpa. NS ns.adelaide.edu.au., 127.129.in-addr.arpa. NS
augean.eleceng.adelaide.edu.au., 127.129.in-addr.arpa. NS
escher.arch.adelaide.edu.au., 127.129.in-addr.arpa. NS
abel.maths.adelaide.edu.au., 127.129.in-addr.arpa. NS ns1.anu.edu.au.,
127.129.in-addr.arpa. NS ns.saard.net., 127.129.in-addr.arpa. NS
dukedns1.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns2.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns3.netcom.duke.edu. ar: ns.adelaide.edu.au. A 129.127.40.3,
augean.eleceng.adelaide.edu.au. A 129.127.28.4,
escher.arch.adelaide.edu.au. A 129.127.83.1, abel.maths.adelaide.edu.au.
A 129.127.5.10, ns1.anu.edu.au. A 150.203.1.10, ns.saard.net. A
203.21.37.18, dukedns1.netcom.duke.edu. A 152.3.250.1,
dukedns2.netcom.duke.edu. A 152.3.250.2, dukedns3.netcom.duke.edu. A
128.109.131.40 (455) (ttl 28, id 45392, len 483)
12:09:08.384913 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3983+ AAAA? gum.its.adelaide.edu.au. [|domain] (ttl 64, id 26764, len
69)
12:09:08.385781 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3983* q: AAAA? gum.its.adelaide.edu.au. 0/1/0 ns: adelaide.edu.au. SOA
ns.adelaide.edu.au. hostmaster.adelaide.edu.au. 2002051545 1800 1800
2592000 86400 (91) (ttl 28, id 45393, len 119)
12:09:08.386196 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3984+ AAAA? gum.its.adelaide.edu.au.services.adelaide.edu.au. [|domain]
(ttl 64, id 26767, len 94)
12:09:08.387043 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3984 NXDomain* q: AAAA?
gum.its.adelaide.edu.au.services.adelaide.edu.au. 0/1/0 ns:
adelaide.edu.au. SOA ns.adelaide.edu.au. hostmaster.adelaide.edu.au.
2002051545 1800 1800 2592000 86400 (116) (ttl 28, id 45394, len 144)
12:09:08.387476 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3985+ AAAA? gum.its.adelaide.edu.au.itd.adelaide.edu.au. [|domain] (ttl
64, id 26770, len 89)
12:09:08.388345 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3985 NXDomain* q: AAAA? gum.its.adelaide.edu.au.itd.adelaide.edu.au.
0/1/0 ns: adelaide.edu.au. SOA ns.adelaide.edu.au.
hostmaster.adelaide.edu.au. 2002051545 1800 1800 2592000 86400 (111)
(ttl 28, id 45395, len 139)
12:09:08.388767 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3986+ AAAA? gum.its.adelaide.edu.au.adelaide.edu.au. [|domain] (ttl 64,
id 26773, len 85)
12:09:08.389615 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3986 NXDomain* q: AAAA? gum.its.adelaide.edu.au.adelaide.edu.au. 0/1/0
ns: adelaide.edu.au. SOA ns.adelaide.edu.au. hostmaster.adelaide.edu.au.
2002051545 1800 1800 2592000 86400 (107) (ttl 28, id 45396, len 135)
12:09:08.391231 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3987+ A? gum.its.adelaide.edu.au. [|domain] (ttl 64, id 26777, len 69)
12:09:08.393397 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3987* q: A? gum.its.adelaide.edu.au. 1/9/9 gum.its.adelaide.edu.au. A
129.127.46.120 ns: adelaide.edu.au. NS ns.adelaide.edu.au.,
adelaide.edu.au. NS augean.eleceng.adelaide.edu.au., adelaide.edu.au. NS
escher.arch.adelaide.edu.au., adelaide.edu.au. NS
abel.maths.adelaide.edu.au., adelaide.edu.au. NS ns1.anu.edu.au.,
adelaide.edu.au. NS ns.saard.net., adelaide.edu.au. NS
dukedns1.netcom.duke.edu., adelaide.edu.au. NS
dukedns2.netcom.duke.edu., adelaide.edu.au. NS dukedns3.netcom.duke.edu.
ar: ns.adelaide.edu.au. A 129.127.40.3, augean.eleceng.adelaide.edu.au.
A 129.127.28.4, escher.arch.adelaide.edu.au. A 129.127.83.1,
abel.maths.adelaide.edu.au. A 129.127.5.10, ns1.anu.edu.au. A
150.203.1.10, ns.saard.net. A 203.21.37.18, dukedns1.netcom.duke.edu. A
152.3.250.1, dukedns2.netcom.duke.edu. A 152.3.250.2,
dukedns3.netcom.duke.edu. A 128.109.131.40 (430) (ttl 28, id 45397, len
458)
12:09:08.394569 129.127.43.22.4085 > 129.127.40.3.domain: [udp sum ok]
3988+ PTR? 120.46.127.129.in-addr.arpa. [|domain] (ttl 64, id 26780, len
73)
12:09:08.396727 129.127.40.3.domain > 129.127.43.22.4085: [udp sum ok]
3988* q: PTR? 120.46.127.129.in-addr.arpa. 1/9/9
120.46.127.129.in-addr.arpa. PTR gum.its.adelaide.edu.au. ns:
127.129.in-addr.arpa. NS ns.adelaide.edu.au., 127.129.in-addr.arpa. NS
augean.eleceng.adelaide.edu.au., 127.129.in-addr.arpa. NS
escher.arch.adelaide.edu.au., 127.129.in-addr.arpa. NS
abel.maths.adelaide.edu.au., 127.129.in-addr.arpa. NS ns1.anu.edu.au.,
127.129.in-addr.arpa. NS ns.saard.net., 127.129.in-addr.arpa. NS
dukedns1.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns2.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns3.netcom.duke.edu. ar: ns.adelaide.edu.au. A 129.127.40.3,
augean.eleceng.adelaide.edu.au. A 129.127.28.4,
escher.arch.adelaide.edu.au. A 129.127.83.1, abel.maths.adelaide.edu.au.
A 129.127.5.10, ns1.anu.edu.au. A 150.203.1.10, ns.saard.net. A
203.21.37.18, dukedns1.netcom.duke.edu. A 152.3.250.1,
dukedns2.netcom.duke.edu. A 152.3.250.2, dukedns3.netcom.duke.edu. A
128.109.131.40 (455) (ttl 28, id 45398, len 483)