[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind 9.2.2 recursive lookup problem

On Fri, 13 Jun 2003 01:42, Simon McCartney wrote:
> Have you got any firewall's between you and the big bad world? I've seen
> Checkpoint FW-1 dropping DNS UDP packets, claiming they were badly formed
> and part of an attack, when afaics they were fine, coming from a BIND 9.2.1
> debian box.

Here's a way a problem can occur.

Have a DNS server on the net configured to only use port 1434, 137..139, or 
445 for it's queries.

Most firewalls block those ports for obvious reasons.  So when your name 
server tries to answer a query from such a machine it gets blocked.

Now the reported problem occurred with BIND being on the client end.  If you 
have BIND configured to use a source port that happens (for some reason) to 
be considered bad by the firewall at the other end (or at some ISP in 
between) then a similar result can occur.


Try using traceroute with the "-p" option or hping to send UDP packets to port 
53 and see what happens.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: