MS DNS and BIND DNS

Merton Campbell Crockett M.C.Crockett at WLV.IIPO.GTEGSC.COM
Wed Jun 30 15:16:06 UTC 1999


On Tue, 29 Jun 1999, sharun wrote:

s} - The problem(s):
s} 
s} 	1. When we use BIND DNS, and set our server to external
s} 	   DNS server, we have no problem resolving any site
s} 	   (internal and external). We have no problem also when
s} 	   we use default DNS server (which is inside the firewall).
s} 
s} 	2. When we use Microsoft DNS, and set our server to external
s} 	   DNS server, we cannot resolve (inside and outside). But,
s} 	   when we point it to our internal DNS server, it has no
s} 	   problem.

Look at your firewall configuration.  

Using tcpdump to look at traffic, I found Microsoft's DNS used TCP instead
of UDP for its general DNS queries.  This may have changed in the last few
years.

Many firewalls are configured based on the assumption that DNS queries use
UDP and will deny access to all systems that use TCP for DNS queries. The
assumption is that TCP is used only for DNS zone transfers that you don't
want to allow if you are using a "split DNS".


s} 
s} 	3. When we point it to our internal ip of the firewall, it 
s} 	   works fine.
s} 
s} Do any of you have any idea why this is happening? Sorry, I'm new
s} to DNS stuff. By the way, one important note: we point our Microsoft
s} DNS server to BIND DNS server (in cases 1 and 2). 
s} 
s} Thanks in advance.
s} Ridhuan.
s} 
s} 
s} 

			     Merton Campbell Crockett
+---------------------------------------------------------------------------+
| Manager, Network Operations & Services | Senior Network/Security Engineer |
| GTE Government Systems Corporation     |     Naval Surface Warfare Center |
| Electronic Systems Division		 |            Port Hueneme Division |
| Intelligence Systems Organization	 |                   IT/TIS Program |
| Thousand Oaks, CA			 |                 Port Hueneme, CA |
+---------------------------------------------------------------------------+


