
Re: bind 9.2.2 recursive lookup problem



On Fri, Jun 13, 2003 at 03:33:34AM +1000, Russell Coker wrote:
> On Fri, 13 Jun 2003 01:42, Simon McCartney wrote:
> > Have you got any firewalls between you and the big bad world? I've seen
> > Checkpoint FW-1 dropping DNS UDP packets, claiming they were badly formed
> > and part of an attack, when afaics they were fine, coming from a BIND 9.2.1
> > debian box.
> 
> Here's a way a problem can occur.
> 
> Have a DNS server on the net configured to only use port 1434, 137..139, or 
> 445 for its queries.
> 
> Most firewalls block those ports for obvious reasons.  So when your name 
> server tries to answer a query from such a machine it gets blocked.
> 
> Now the reported problem occurred with BIND being on the client end.  If you 
> have BIND configured to use a source port that happens (for some reason) to 
> be considered bad by the firewall at the other end (or at some ISP in 
> between) then a similar result can occur.
> 

The blocked queries were from fairly random ports, and not in the ranges
you suggest; I tied the queries to 53 using query-source port and it had
no effect on the packets being dropped :-(

-simonm (E: simon@asidua.com W: +44 28 9072 5060 M: +44 7710 836915)
chown me /world
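To make the "badly formed" claim in this thread concrete, here is an added example (not part of the thread, and not BIND's or Checkpoint's code) in Python. It applies the kind of sanity checks a strict packet filter might run on an outbound DNS query: a 12-byte header check, a walk of the question section, and a source-port policy like the one Russell describes. The blocked-port set, the check list and the sample packets are assumptions constructed for illustration, not any real firewall's rules.

```python
import struct

# Ports Russell mentions as commonly blocked (1434, 137-139, 445).
# This set is an assumption for the example, not a real firewall's policy.
BLOCKED_SOURCE_PORTS = {1434, 137, 138, 139, 445}


def build_query(qname, qtype=1, txid=0x1234):
    """Construct a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question_name(data, offset):
    """Walk the label sequence at offset; return (name, next_offset) or raise ValueError."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # RFC 1035 compression pointers are legal but unexpected in a query's question
            raise ValueError("compression pointer in question name")
        if length > 63:
            raise ValueError("label longer than 63 octets")
        if offset + length > len(data):
            raise ValueError("label runs past end of packet")
        labels.append(data[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    name = ".".join(labels) + "."
    if len(name) > 255:
        raise ValueError("name longer than 255 octets")
    return name, offset


def check_dns_query(packet, src_port):
    """Return the reasons a strict filter might drop this query; an empty list means it passes."""
    reasons = []
    if src_port in BLOCKED_SOURCE_PORTS:
        reasons.append(f"source port {src_port} is on the blocked list")
    if len(packet) < 12:
        reasons.append("shorter than the 12-byte DNS header")
        return reasons
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        reasons.append("QR bit set: this is a response, not a query")
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2):  # QUERY, IQUERY, STATUS
        reasons.append(f"unknown opcode {opcode}")
    if qdcount != 1:
        reasons.append(f"qdcount {qdcount} (expected 1)")
    if ancount or nscount:
        reasons.append("answer/authority records in a query")
    offset = 12
    for _ in range(qdcount):
        try:
            _name, offset = parse_question_name(packet, offset)
        except ValueError as exc:
            reasons.append(f"bad question name: {exc}")
            return reasons
        if offset + 4 > len(packet):
            reasons.append("question missing QTYPE/QCLASS")
            return reasons
        _qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        if qclass not in (1, 255):  # IN or ANY
            reasons.append(f"unusual QCLASS {qclass}")
    # An EDNS0 OPT record (arcount > 0) may legitimately follow; it is not parsed here.
    if offset != len(packet) and arcount == 0:
        reasons.append(f"{len(packet) - offset} trailing bytes after the question section")
    return reasons


if __name__ == "__main__":
    # Constructed sample packets: a clean query, the same query from a blocked
    # port, a truncated copy, and a response header glued onto a query body.
    q = build_query("www.debian.org")
    resp = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + q[12:]
    for label, pkt, port in [("clean/port 53", q, 53),
                             ("clean/port 1434", q, 1434),
                             ("truncated", q[:20], 53),
                             ("response", resp, 53)]:
        print(f"{label}: {check_dns_query(pkt, port) or 'pass'}")
```

The point of the port-53 check is what Simon tried with `query-source port`: pinning the source port only helps if the drop was a port policy; a filter that rejects the packet body as malformed will still drop it, which is why the two kinds of reasons are reported separately.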
