[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind 9.2.2 recursive lookup problem

On Fri, Jun 13, 2003 at 03:33:34AM +1000, Russell Coker wrote:
> On Fri, 13 Jun 2003 01:42, Simon McCartney wrote:
> > Have you got any firewall's between you and the big bad world? I've seen
> > Checkpoint FW-1 dropping DNS UDP packets, claiming they were badly formed
> > and part of an attack, when afaics they were fine, coming from a BIND 9.2.1
> > debian box.
> Here's a way a problem can occur.
> Have a DNS server on the net configured to only use port 1434, 137..139, or 
> 445 for it's queries.
> Most firewalls block those ports for obvious reasons.  So when your name 
> server tries to answer a query from such a machine it gets blocked.
> Now the reported problem occurred with BIND being on the client end.  If you 
> have BIND configured to use a source port that happens (for some reason) to 
> be considered bad by the firewall at the other end (or at some ISP in 
> between) then a similar result can occur.

The blocked queries were from fairly random ports, and not in the ranges
you suggest, I tied the queries to 53 using query-source port and it had
no effect on the packets being dropped :-(

-simonm (E: simon@asidua.com W: +44 28 9072 5060 M: +44 7710 836915)
chown me /world

Reply to: