On Sat, Nov 29, 2003 at 07:56:50PM -0800, Michael Mee wrote:
> > I have noticed that DNS queries on the WAN interface (sis2)
> > are showing up in my firewall log.
>
> I'm noticing this, plus DNS queries from the Wi0 interface to the internal
> DNS forwarder, e.g.:
>
> 19:45:08.466219 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
> 19:45:09.462319 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
> 19:45:10.462561 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
>
> I just upgraded from pb18 to pb20, but it may have been there previously - I
> haven't checked the logs in quite a while! This is also on a Soekris 4521.
>
> Needless to say, it makes the firewall logs pretty useless because there's
> so much noise there (I have 3+ users at any given time) in the form of DNS
> queries.
>
> Any ideas on how to turn this off?

If you didn't explicitly tell it either to pass or block DNS, those packets
will be blocked and logged by default. If you want to block but not log,
add an explicit rule to block DNS, and leave the log flag off for that rule.

-- Jim
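
An added example, not part of the original thread: a small log summarizer that shows which flow class fills the firewall log, so you can see how much a no-log block rule for DNS would silence before adding it. The field layout is an assumption read off the log lines quoted above; the last three sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the first three lines are the ones quoted in the thread,
# the rest are made up in the same layout. Field meanings are an assumption.
SAMPLE_LOG = """\
19:45:08.466219 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
19:45:09.462319 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
19:45:10.462561 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70 IN
19:45:11.100000 wi0 @0:15 B 10.0.0.161,1040 -> 10.0.0.1,53 PR udp len 20 61 IN
19:45:12.200000 sis2 @0:15 B 192.0.2.7,4431 -> 198.51.100.9,445 PR tcp len 20 48 -S IN
this line is not a firewall log entry
"""

LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+"
    r"(?P<action>[A-Za-z])\s+(?P<src>[\d.]+)(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))?\s+PR\s+(?P<proto>\S+)"
)

def parse_line(line):
    """Return a dict for one log entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Ports are absent for protocols that have none; keep those as None.
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec

def summarize(log_text):
    """Count entries per (iface, rule, action, proto, dst, dport) flow class."""
    flows, skipped = Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1 if line.strip() else 0  # count non-blank junk lines
            continue
        flows[(rec["iface"], rec["rule"], rec["action"], rec["proto"],
               rec["dst"], rec["dport"])] += 1
    return flows, skipped

def share(flows, proto, dport):
    """Fraction of parsed entries a no-log rule for proto/dport would silence."""
    total = sum(flows.values())
    hit = sum(n for k, n in flows.items() if k[3] == proto and k[5] == dport)
    return hit / total if total else 0.0

if __name__ == "__main__":
    flows, skipped = summarize(SAMPLE_LOG)
    for key, n in flows.most_common():
        print(n, *key)
    print(f"unparsed: {skipped}; udp/53 share: {share(flows, 'udp', 53):.0%}")
```

Entries that remain after the DNS class is silenced are the ones the default block-and-log rule still needs to surface.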