ICMP/ Firewall issue

Danny Mayer mayer at gis.net
Thu Oct 19 03:38:37 UTC 2000


	The firewall admin should disallow ICMP, but then the DNS server doesn't
  send them.  Since you are behind the firewall, the firewall admin has to
  set up the firewall DNS as a slave to fetch these records from the your
  system, if that is the corporate policy to publish these addresses.  The DNS
  doesn't know or care about the user. The lookup request is not getting past
  the firewall.  If you turn on logging on the server serving the address,
you will
  see that it never received a request.

			Danny

At 11:09 AM 10/18/00 +0000, Rahcel Hannaway wrote:
>Is it possible to stop the DNS server sending out ICMP packets to
>check the user. I am currently getting no lookups from the server as
>the firewall admin has disallowed ICMP  - I have included a remote
>lookup below - what can I do so that ICMP traffic is not needed for a
>lookup ?
>
>from nslookup prompt with server set as our new server which is behind
>the firewall
>
> >www.hannaway.com
>Server:  {server name}
>Address:  {ip address}
>
>*** {server name} can't find www.hannaway.com: No response from server
>
>
>Thanks
>
>Rachel
> 



More information about the bind-users mailing list