rsync 2.5.1 error message reverse name lookup mismatch on fd5

Tue May 14 20:13:01 EST 2002

Hi,

I am receiving "reverse name lookup mismatch" errors on one of our rsync
servers.  The clients address is both forward and reverse resolvable. 
The server is a RedHat 6.2 machine running rsync 2.5.1 and the clients
are Redhat 7.2 machines running rsync 2.5.1.  Both the server and the
clients have free disk space and inodes.  The server was started by root
as "/usr/local/bin/rsync --daemon".

The server is configured to only allow connections from certain IP
addresses with "hosts allow=" in the rsyncd.conf file.  It does not
accept host names in this config line, rejecting such clients with
"access denied to mrtg from unknown".

The clients command line is: rsync-2.5.1/rsync -vz
rsync://rsync@old-kennedia.services.adelaide.edu.au/mrtg/*
/var/www/html/mrtg-data/

When a client connects, tcpdump shows that the rsync server queries the
name server with "120.46.127.129.in-addr.arpa" and gets a PTR back for
"gum.its.adelaide.edu.au".  It then tries IPv6 address queries on the
following addresses (based on /etc/resolv.conf) and fails.  Next it
tries an IPv4 address query on "gum.its.adelaide.edu.au" and gets the
address 129.127.46.120.  Finally it queries
"120.46.127.129.in-addr.arpa." and gets a pointer to
"gum.its.adelaide.edu.au.".  A tcpdump of this is included below.

The server then records:
May 15 12:09:08 old-kennedia rsyncd[2867]: rsync: reverse name lookup
mismatch on fd5 - spoofed address?

and the client:
rsync: read error: Connection reset by peer
rsync error: error in rsync protocol data stream (code 12) at io.c(151)

One of the clients is 129.127.46.120 (gum.its.adelaide.edu.au).  The
other is 129.127.43.11 (kennedia.services.adelaide.edu.au).

Any ideas as to what is misconfigured?

The servers rsyncd.conf is:
# motd file = /etc/motd.rsync
pid file = /var/run/rsyncd.pid

# log file = /var/log/rsync.log
syslog facility = local5
# socket options =
uid = root
gid = root

[mrtg]
        path = /home/sburfo01/mrtg/work/
        use chroot = true
        max connections = 5
        read only = true
        list = false
        auth users = rsync
        secrets file = /etc/rsyncd.secrets
        strict modes = true
        hosts allow = gum.its.adelaide.edu.au
kennedia.services.adelaide.edu.au 129.127.43.11 129.127.46.120
        transfer logging = false
        comment = whole home area (approx 20 MB)

-- 
Sean Burford

12:09:08.381162 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3982+ PTR? 120.46.127.129.in-addr.arpa. [|domain] (ttl 64, id 26760, len
73)

12:09:08.383331 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3982* q: PTR? 120.46.127.129.in-addr.arpa. 1/9/9
120.46.127.129.in-addr.arpa. PTR gum.its.adelaide.edu.au. ns:
127.129.in-addr.arpa. NS ns.adelaide.edu.au., 127.129.in-addr.arpa. NS
augean.eleceng.adelaide.edu.au., 127.129.in-addr.arpa. NS
escher.arch.adelaide.edu.au., 127.129.in-addr.arpa. NS
abel.maths.adelaide.edu.au., 127.129.in-addr.arpa. NS ns1.anu.edu.au.,
127.129.in-addr.arpa. NS ns.saard.net., 127.129.in-addr.arpa. NS
dukedns1.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns2.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns3.netcom.duke.edu. ar: ns.adelaide.edu.au. A 129.127.40.3,
augean.eleceng.adelaide.edu.au. A 129.127.28.4,
escher.arch.adelaide.edu.au. A 129.127.83.1, abel.maths.adelaide.edu.au.
A 129.127.5.10, ns1.anu.edu.au. A 150.203.1.10, ns.saard.net. A
203.21.37.18, dukedns1.netcom.duke.edu. A 152.3.250.1,
dukedns2.netcom.duke.edu. A 152.3.250.2, dukedns3.netcom.duke.edu. A
128.109.131.40 (455) (ttl 28, id 45392, len 483)

12:09:08.384913 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3983+ AAAA? gum.its.adelaide.edu.au. [|domain] (ttl 64, id 26764, len
69)

12:09:08.385781 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3983* q: AAAA? gum.its.adelaide.edu.au. 0/1/0 ns: adelaide.edu.au. SOA
ns.adelaide.edu.au. hostmaster.adelaide.edu.au. 2002051545 1800 1800
2592000 86400 (91) (ttl 28, id 45393, len 119)

12:09:08.386196 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3984+ AAAA? gum.its.adelaide.edu.au.services.adelaide.edu.au. [|domain]
(ttl 64, id 26767, len 94)

12:09:08.387043 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3984 NXDomain* q: AAAA?
gum.its.adelaide.edu.au.services.adelaide.edu.au. 0/1/0 ns:
adelaide.edu.au. SOA ns.adelaide.edu.au. hostmaster.adelaide.edu.au.
2002051545 1800 1800 2592000 86400 (116) (ttl 28, id 45394, len 144)

12:09:08.387476 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3985+ AAAA? gum.its.adelaide.edu.au.itd.adelaide.edu.au. [|domain] (ttl
64, id 26770, len 89)

12:09:08.388345 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3985 NXDomain* q: AAAA? gum.its.adelaide.edu.au.itd.adelaide.edu.au.
0/1/0 ns: adelaide.edu.au. SOA ns.adelaide.edu.au.
hostmaster.adelaide.edu.au. 2002051545 1800 1800 2592000 86400 (111)
(ttl 28, id 45395, len 139)

12:09:08.388767 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3986+ AAAA? gum.its.adelaide.edu.au.adelaide.edu.au. [|domain] (ttl 64,
id 26773, len 85)

12:09:08.389615 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3986 NXDomain* q: AAAA? gum.its.adelaide.edu.au.adelaide.edu.au. 0/1/0
ns: adelaide.edu.au. SOA ns.adelaide.edu.au. hostmaster.adelaide.edu.au.
2002051545 1800 1800 2592000 86400 (107) (ttl 28, id 45396, len 135)

12:09:08.391231 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3987+ A? gum.its.adelaide.edu.au. [|domain] (ttl 64, id 26777, len 69)

12:09:08.393397 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3987* q: A? gum.its.adelaide.edu.au. 1/9/9 gum.its.adelaide.edu.au. A
129.127.46.120 ns: adelaide.edu.au. NS ns.adelaide.edu.au.,
adelaide.edu.au. NS augean.eleceng.adelaide.edu.au., adelaide.edu.au. NS
escher.arch.adelaide.edu.au., adelaide.edu.au. NS
abel.maths.adelaide.edu.au., adelaide.edu.au. NS ns1.anu.edu.au.,
adelaide.edu.au. NS ns.saard.net., adelaide.edu.au. NS
dukedns1.netcom.duke.edu., adelaide.edu.au. NS
dukedns2.netcom.duke.edu., adelaide.edu.au. NS dukedns3.netcom.duke.edu.
ar: ns.adelaide.edu.au. A 129.127.40.3, augean.eleceng.adelaide.edu.au.
A 129.127.28.4, escher.arch.adelaide.edu.au. A 129.127.83.1,
abel.maths.adelaide.edu.au. A 129.127.5.10, ns1.anu.edu.au. A
150.203.1.10, ns.saard.net. A 203.21.37.18, dukedns1.netcom.duke.edu. A
152.3.250.1, dukedns2.netcom.duke.edu. A 152.3.250.2,
dukedns3.netcom.duke.edu. A 128.109.131.40 (430) (ttl 28, id 45397, len
458)

12:09:08.394569 129.127.43.22.4085 > 129.127.40.3.domain:  [udp sum ok]
3988+ PTR? 120.46.127.129.in-addr.arpa. [|domain] (ttl 64, id 26780, len
73)

12:09:08.396727 129.127.40.3.domain > 129.127.43.22.4085:  [udp sum ok]
3988* q: PTR? 120.46.127.129.in-addr.arpa. 1/9/9
120.46.127.129.in-addr.arpa. PTR gum.its.adelaide.edu.au. ns:
127.129.in-addr.arpa. NS ns.adelaide.edu.au., 127.129.in-addr.arpa. NS
augean.eleceng.adelaide.edu.au., 127.129.in-addr.arpa. NS
escher.arch.adelaide.edu.au., 127.129.in-addr.arpa. NS
abel.maths.adelaide.edu.au., 127.129.in-addr.arpa. NS ns1.anu.edu.au.,
127.129.in-addr.arpa. NS ns.saard.net., 127.129.in-addr.arpa. NS
dukedns1.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns2.netcom.duke.edu., 127.129.in-addr.arpa. NS
dukedns3.netcom.duke.edu. ar: ns.adelaide.edu.au. A 129.127.40.3,
augean.eleceng.adelaide.edu.au. A 129.127.28.4,
escher.arch.adelaide.edu.au. A 129.127.83.1, abel.maths.adelaide.edu.au.
A 129.127.5.10, ns1.anu.edu.au. A 150.203.1.10, ns.saard.net. A
203.21.37.18, dukedns1.netcom.duke.edu. A 152.3.250.1,
dukedns2.netcom.duke.edu. A 152.3.250.2, dukedns3.netcom.duke.edu. A
128.109.131.40 (455) (ttl 28, id 45398, len 483)