Syslog and Massive amount of DNS requests...
I have an RHEL 4 server that is running a syslog daemon for a firewall. It was configured a few days ago. Today I've noticed a massive increase in the amount of DNS requests coming from the server in question going out to its only configured DNS server. These of course are logged by the firewall and dumped onto the firewall log on the system.
I stopped or killed every service on the machine that wasn't related to the OS, still with no luck. I also removed the -r switch from the /etc/sysconfig/syslog file so nothing could write to the server. Still, no luck. Then, I commented out the entry in resolv.conf for the nameserver and poof, the DNS requests ceased, as expected.
I then turned on all of the services that I disabled and uncommented the resolv.conf file, and all was good, no large increase in DNS requests, so I thought I was good. I then remembered that I had syslog still "disabled" so I changed the syslog conf file to allow writing, and the firewall and the associated log began flooding with DNS requests again.
Can anyone please tell me if syslog attempts to resolve every address that's written to it, and if so, is there a way to disable that feature? Is there another piece of the puzzle I'm missing? I don't need any addresses resolved, and there's nothing but IP addresses in the logs, so if it is trying to resolve anything, it's not working.
Thanks in advance...