[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [mosquitto-dev] What are these errors?
|
Hi Travis,
That does look like a DNS lookup problem to me. The failure is
happening inside the libwrap/tcpd library. If the failure was leading
to the client being denied access, you would see messages in the
format "Client connection from <address> denied access by tcpd." in
the mosquitto log.
You mention you have entries in /etc/hosts.allow, are you actively
using this for mosquitto?
Regards,
Roger
On Wed, 30 Mar 2022 at 22:00, Travis Griggs <travisgriggs@xxxxxxxxx> wrote:
>
> My broker (2.0.14 from the ppa) running on Ubuntu 20.04.2 LTS (Focal Fossa) at Rackspace, is frequently reporting lines like the following in the systemd journal:
>
> mosquitto[674]: warning: /etc/hosts.allow, line 39: can't verify hostname: getaddrinfo(pin-064-185-102-178.static.pocketinet.com, AF_INET) failed
>
> The ip addresses vary. Sometimes they're just onesie/twosies, sometimes they come in bursts. I typically have 100-400 clients publish/subscribed. They use TLS.
>
> I do have a custom authentication plugin, but it just validates user/pass against topic patterns.
>
> A local sysadmin says these are just reverse dns lookup errors. And thinks they are benign. Are they? If they are benign, why are they even in there? Or is there something I should be changing in my configuration? My configuration looks like:
>
> $ cat /etc/mosquitto/mosquitto.conf
> # Place your local configuration in /etc/mosquitto/conf.d/
> #
> # A full description of the configuration file is at
> # /usr/share/doc/mosquitto/examples/mosquitto.conf.example
>
> #persistence true
> #persistence_location /var/lib/mosquitto/
>
> log_dest file /var/log/mosquitto/mosquitto.log
>
> include_dir /etc/mosquitto/conf.d
>
> AND
>
> $ cat /etc/mosquitto/conf.d/*.conf
> listener 8883
> capath /etc/ssl/certs
> certfile /etc/letsencrypt/live/this_host/fullchain.pem
> keyfile /etc/letsencrypt/live/this_host/privkey.pem
> #allow_anonymous true
> allow_anonymous false
> auth_plugin /etc/mosquitto/conf.d/custom_authplugin.so
> log_timestamp_format %Y-%m-%dT%H:%M:%S
> log_type all
> connection_messages true
>
> Line 39 of the /etc/hosts.allow is just
> ALL : 50.56.142. # Rackspace Cloud Monitoring
>
> Thanks for any help. I've been using MQTT/mosquitto for about 4 years now to facilitate ag automation, and I love it.
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev