UDP > 1024 (was: not getting it... through the firewall)

Stefan Niederhauser sn at atelier-w.ch
Fri Feb 16 11:20:17 UTC 2001



> I can't seem to get any answer from pasu.i-love-u.ch (213.189.129.57) at all. For
> *any* query.

Thanks Kevin for trying!

that's what i got from you in my logs. still, you did not get anything
back.

Feb 15 22:19:00 pasu-inhouse named[1099]:
XX+/204.189.94.70/i-hate-u.ch/NS/IN
Feb 15 22:19:05 pasu-inhouse named[1099]:
XX+/204.189.94.70/i-hate-u.ch/NS/IN
Feb 15 22:20:39 pasu-inhouse named[1099]:
XX+/204.189.94.70/pasu.i-love-u.ch/A/IN
Feb 15 22:20:44 pasu-inhouse named[1099]:
XX+/204.189.94.70/pasu.i-love-u.ch/A/IN


i found out the following: if i use nslookup -v (use virtual circuits)
i get through to my server (over tcp), but not without (over udp).

on the firewall "source udp 53 -> dest udp 53" is forwarded to my
server, but my isp says, it's not possible to map something like "source
udp 53 dest udp any" or "source udp 53 dest udp > 1024", which i think
would be correct (?).

so.. while i can do nslookups and the slave server can transfer zones,
my NIC still does not accept the SOA for the domain.

any remedies in sight?
thanks for any advice!

stefan.
> Stefan Niederhauser wrote:
> 
> > dear all.
> >
> > i've been desperately trying to configure a nameserver behind a
> > NAT-firewall for a week now - without any success. bind8.2.3 seems to be
> > configured fine, i can query the server (pasu.i-love-u.ch) from outside
> > the firewall (try i-hate-u.ch), however the server times out when my NIC
> > in switzerland checks it for SOA (https://wwws.nic.ch/reg/nscheck/nscheck.cfm).
> >
> > I checked with my ISP, but all he said, is that port 53 tcp/udp are
> > forwarded correctly. i do have allow-transfer {any;}. i also got
> > "query-source address 192.168.0.10 port 53" in named.conf. what else?
> > reverse lookup for pasu should also be fine.
> >
> > any advice? i attached my config, just in case..
> > thanks a lot!
> >
> > stefan.
> >
> > named.conf:
> > ------------------
> > zone "i-hate-u.ch"    IN {
> >         type master; file "master/i-hate-u.ch.zone";
> >         allow-transfer { any; };
> > };
> >
> > i-hate-u.ch.zone:
> > ------------------
> > $ORIGIN i-hate-u.ch.
> > $TTL 1D
> > i-hate-u.ch.            1D IN SOA       pasu.i-love-u.ch. root.pasu.i-love-u.ch. (
> >                         200102082       ; serial
> >                         3H              ; refresh
> >                         15M             ; retry
> >                         1W              ; expiry
> >                         1D )            ; minimum
> >
> >                 IN NS           pasu.i-love-u.ch.
> >                 IN NS           ns2.magnet.ch.
> >                 IN MX   20      mail.magnet.ch.
> >                 IN A            213.189.129.57
> > www             IN A            213.189.129.57
> > ftp             IN CNAME        www
> > pop3            IN CNAME        www
> > mail            IN CNAME        www
> > smtp            IN CNAME        www
> > list            IN CNAME        www

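An added example (not part of this mail or of BIND itself) that parses the BIND 8 query-log lines quoted above and checks what they actually prove. The sample log is constructed from the four lines in the mail, kept in the wrapped form the mail client produced; the `XX+/client/name/type/class` layout and the meaning of `+` (recursion desired) follow BIND 8's query log, and the 30-second retransmission window is an arbitrary choice. The point for the diagnosis: every query from 204.189.94.70 reached named and was logged twice, 5 seconds apart, which is what a client does when no reply comes back within its timeout. Inbound UDP to port 53 therefore works; the reply, sent from port 53 to the client's ephemeral port (above 1024), is what the "source udp 53 -> dest udp 53" forwarding rule cannot match.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the four query-log lines from the mail, still wrapped
# after "named[1099]:" the way the mail client wrapped them.
SAMPLE_LOG = """\
Feb 15 22:19:00 pasu-inhouse named[1099]:
XX+/204.189.94.70/i-hate-u.ch/NS/IN
Feb 15 22:19:05 pasu-inhouse named[1099]:
XX+/204.189.94.70/i-hate-u.ch/NS/IN
Feb 15 22:20:39 pasu-inhouse named[1099]:
XX+/204.189.94.70/pasu.i-love-u.ch/A/IN
Feb 15 22:20:44 pasu-inhouse named[1099]:
XX+/204.189.94.70/pasu.i-love-u.ch/A/IN
"""

# syslog timestamp, host, named[pid], then the BIND 8 query record:
# XX, the recursion-desired flag (+/-), client address, qname, qtype, qclass.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) named\[(?P<pid>\d+)\]: "
    r"XX(?P<rd>[+-])/(?P<client>[0-9.]+)/(?P<name>[^/]+)/(?P<qtype>[^/]+)/(?P<qclass>\S+)$"
)


@dataclass(frozen=True)
class QueryRecord:
    ts: datetime          # syslog has no year; only deltas within a day are meaningful
    host: str
    pid: int
    recursion_desired: bool
    client: str
    name: str
    qtype: str
    qclass: str


def _unwrap(text):
    """Re-join lines a mail client wrapped: a line starting with 'XX' belongs
    to the preceding syslog line."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("XX") and lines:
            lines[-1] = lines[-1] + " " + line
        else:
            lines.append(line)
    return lines


def parse_query_log(text):
    """Return one QueryRecord per query-log line; other named messages are skipped."""
    records = []
    for line in _unwrap(text):
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append(QueryRecord(
            ts=datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            host=m["host"],
            pid=int(m["pid"]),
            recursion_desired=(m["rd"] == "+"),
            client=m["client"],
            name=m["name"].lower(),
            qtype=m["qtype"],
            qclass=m["qclass"],
        ))
    return records


def queries_by_client(records):
    """How many queries each client address delivered to named (inbound path proof)."""
    return Counter(r.client for r in records)


def find_retransmissions(records, window_seconds=30):
    """Identical (client, name, type, class) repeated within the window.
    A client only repeats a query when it got no answer: a strong hint that
    the reply path, not the query path, is broken."""
    last_seen = {}
    retries = []
    for r in records:
        key = (r.client, r.name, r.qtype, r.qclass)
        if key in last_seen:
            delta = (r.ts - last_seen[key].ts).total_seconds()
            if 0 <= delta <= window_seconds:
                retries.append((key, delta))
        last_seen[key] = r
    return retries


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_LOG)
    print("queries per client:", dict(queries_by_client(recs)))
    for key, delta in find_retransmissions(recs):
        print(f"retransmit after {delta:.0f}s: {key}")
```

Run against a real query log, a client that shows up in `queries_by_client` but keeps appearing in `find_retransmissions` is receiving no replies; that separates a forwarding problem on the return path from a named configuration problem before touching named.conf.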

More information about the bind-users mailing list