Re: [mosquitto-dev] What are these errors?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] What are these errors?

From: Roger Light <roger@xxxxxxxxxx>
Date: Wed, 30 Mar 2022 22:33:41 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hi Travis,

That does look like a DNS lookup problem to me. The failure is
happening inside the libwrap/tcpd library. If the failure was leading
to the client being denied access, you would see messages in the
format "Client connection from <address> denied access by tcpd." in
the mosquitto log.

You mention you have entries in /etc/hosts.allow, are you actively
using this for mosquitto?

Regards,

Roger

On Wed, 30 Mar 2022 at 22:00, Travis Griggs <travisgriggs@xxxxxxxxx> wrote:
>
> My broker (2.0.14 from the ppa) running on Ubuntu 20.04.2 LTS (Focal Fossa) at Rackspace, is frequently reporting lines like the following in the systemd journal:
>
>   mosquitto[674]: warning: /etc/hosts.allow, line 39: can't verify hostname: getaddrinfo(pin-064-185-102-178.static.pocketinet.com, AF_INET) failed
>
> The ip addresses vary. Sometimes they're just onesie/twosies, sometimes they come in bursts. I typically have 100-400 clients publish/subscribed. They use TLS.
>
> I do have a custom authentication plugin, but it just validates user/pass against topic patterns.
>
> A local sysadmin says these are just reverse dns lookup errors. And thinks they are benign. Are they? If they are benign, why are they even in there? Or is there something I should be changing in my configuration? My configuration looks like:
>
> $ cat /etc/mosquitto/mosquitto.conf
> # Place your local configuration in /etc/mosquitto/conf.d/
> #
> # A full description of the configuration file is at
> # /usr/share/doc/mosquitto/examples/mosquitto.conf.example
>
> #persistence true
> #persistence_location /var/lib/mosquitto/
>
> log_dest file /var/log/mosquitto/mosquitto.log
>
> include_dir /etc/mosquitto/conf.d
>
> AND
>
> $ cat /etc/mosquitto/conf.d/*.conf
> listener 8883
> capath /etc/ssl/certs
> certfile /etc/letsencrypt/live/this_host/fullchain.pem
> keyfile /etc/letsencrypt/live/this_host/privkey.pem
> #allow_anonymous true
> allow_anonymous false
> auth_plugin /etc/mosquitto/conf.d/custom_authplugin.so
> log_timestamp_format %Y-%m-%dT%H:%M:%S
> log_type all
> connection_messages true
>
> Line 39 of the /etc/hosts.allow is just
> ALL : 50.56.142. # Rackspace Cloud Monitoring
>
> Thanks for any help. I've been using MQTT/mosquitto for about 4 years now to facilitate ag automation, and I love it.
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

Follow-Ups:
- Re: [mosquitto-dev] What are these errors?
  - From: Travis Griggs
- Re: [mosquitto-dev] What are these errors?
  - From: Travis Griggs

References:
- [mosquitto-dev] What are these errors?
  - From: Travis Griggs

Prev by Date: [mosquitto-dev] What are these errors?
Next by Date: Re: [mosquitto-dev] TLS v1.3 for PSK
Previous by thread: [mosquitto-dev] What are these errors?
Next by thread: Re: [mosquitto-dev] What are these errors?
Index(es):
- Date
- Thread

Breadcrumbs