DNS and Firewall problems

Brad Knowles brad.knowles at skynet.be
Mon Jun 25 21:13:31 UTC 2001


At 7:25 PM +0100 6/25/01, Nick Rogers wrote:

>  I found the problem when I enabled port 53 UDP not just TCP, all is well now

	When doing DNS, you have to make sure to enable port 53 for UDP 
and TCP.  The reason for this is that if you suffer from truncation 
in the UDP response packet (because there's too much information), 
the query is supposed to be thrown away and restarted with TCP.  If 
you block TCP, this means you are going to have severe problems 
getting DNS resolution.

	Moral of the story: Don't block port 53/TCP.

>  You may know the answer to this however, I can only use 5 characters in my A
>  record before the domain.com   e.g. <webmail.domain.com> will not work, however
>  <web.domain.com> is ok.
>  I have spent no time so far in trying to resolve this I may have a crack at
>  it later if I have the time.

	Tell me the real domain name, and I might be able to help.

	Otherwise, you need to fill in the details I previously asked for.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
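The UDP-then-TCP fallback described in the reply above, as an added Python model that is not code from the post or from BIND: the transports are injected stand-ins so it runs without a network, and fake_udp_server, fake_tcp_server, blocked_tcp and the 192.0.2.10 address are all constructed for the example.

```python
import struct

TC_FLAG = 0x0200  # "TrunCation" bit in the DNS header flags word

def build_query(name, qid=0x1234, qtype=1):
    """Hand-built RFC 1035 query: header, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the server set TC: the UDP datagram could not hold the full answer."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_FLAG)

def answer_count(response):
    return struct.unpack("!H", response[6:8])[0]

def frame_for_tcp(msg):
    """Over TCP each DNS message is preceded by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def resolve(query, udp_send, tcp_send):
    """udp_send/tcp_send are injected transports standing in for real sockets.
    Returns (transport_used, response); raises if TCP is needed but blocked."""
    resp = udp_send(query)
    if not is_truncated(resp):
        return "udp", resp
    try:  # truncated: throw the UDP answer away and restart the query over TCP
        framed = tcp_send(frame_for_tcp(query))
    except OSError as exc:
        raise RuntimeError("answer truncated and 53/TCP blocked: %s" % exc)
    length = struct.unpack("!H", framed[:2])[0]
    return "tcp", framed[2:2 + length]

# Constructed stand-ins for a server and a firewall; no real network I/O happens.
def fake_udp_server(query):
    """Replies QR|RD|RA|TC (0x8380), no records: the answer did not fit in 512 bytes."""
    return query[:2] + struct.pack("!HHHHH", 0x8380, 1, 0, 0, 0) + query[12:]

def fake_tcp_server(framed):
    """Strips the length prefix and returns one A record (address constructed)."""
    query = framed[2:]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    body = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + rr
    return frame_for_tcp(body)

def blocked_tcp(framed):
    """Models a firewall that passes 53/UDP but drops 53/TCP."""
    raise ConnectionRefusedError("53/TCP filtered")
```

With both transports open the resolver ends up on TCP and gets the record; with only 53/UDP open the same query fails, which is the symptom the original poster saw.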
