udp packets and firewalls
Jim Reid
jim at rfc1035.com
Wed May 31 08:30:10 UTC 2000

>>>>> "Wayne" == Wayne Vigeant <wvigeant at ma.ultranet.com> writes:
Wayne> I'm currently working with a customer who has a single
Wayne> Internet access point. The customer's firewall allows dns
Wayne> queries from the Internet to pass through to an internal
Wayne> nameserver. The customer wants to add a second Internet
Wayne> access point and allow dns queries to pass through both of
Wayne> the Internet access points.

Wayne> Does the nameserver making the query care if the reply
Wayne> follows the same path as the query? It would appear not to
Wayne> matter but I just want to be sure bind doesn't care.

Unless some application switches on the IP-level record route option
there's no way of knowing which paths packets have taken other than
for the trivial cases. And even that option is limited to a maximum
hop count of 9. [pp 252-254 of TCP/IP Illustrated, V2.] The name
server doesn't set or use this option. AFAIK, ping is the only program
which uses this.
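
An added example, not part of the original post: a parser for the IPv4 Record Route option (type 7, RFC 791) that shows where the 9-hop limit mentioned above comes from and what a receiver could read from it. The function names and the sample headers, which use documentation addresses, are constructed for illustration.

```python
import ipaddress
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7    # option types from RFC 791
MAX_OPTION_BYTES = 40                       # 4-bit IHL: 60-byte header minus 20 fixed bytes
RR_MAX_SLOTS = (MAX_OPTION_BYTES - 3) // 4  # 3 bytes type/length/pointer, 4 per address

def build_rr_header(recorded, slots=RR_MAX_SLOTS):
    """Constructed sample: a bare IPv4 header (no payload, checksum left 0) with Record Route."""
    if slots > RR_MAX_SLOTS or len(recorded) > slots:
        raise ValueError("record route holds at most %d addresses" % RR_MAX_SLOTS)
    opt = bytes([IPOPT_RR, 3 + 4 * slots, 4 + 4 * len(recorded)])  # type, length, pointer
    opt += b"".join(ipaddress.IPv4Address(a).packed for a in recorded)
    opt += bytes(4 * (slots - len(recorded)))   # empty slots routers have not filled yet
    opt += bytes(-len(opt) % 4)                 # pad with EOL to a 32-bit boundary
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(opt)) // 4, 0, 20 + len(opt),
                        0, 0, 64, 17, 0, ipaddress.IPv4Address("192.0.2.1").packed,
                        ipaddress.IPv4Address("198.51.100.53").packed)
    return fixed + opt

def recorded_route(header):
    """Return (addresses, full) from the Record Route option, or (None, False) if absent."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    opts, i = header[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind == IPOPT_RR:
            pointer = opts[i + 2] if length >= 3 else 0
            if pointer < 4 or (pointer - 4) % 4:
                raise ValueError("malformed record route option")
            used = min(pointer - 4, length - 3) // 4 * 4
            hops = [str(ipaddress.IPv4Address(opts[i + 3 + k:i + 7 + k])) for k in range(0, used, 4)]
            return hops, pointer > length       # full once the pointer passes the last slot
        i += length
    return None, False
```

A header without the option, which per the post is what the name server sends, yields `(None, False)`, so nothing in the packet tells the receiver which path it took.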