Firewall issue (was Re: Non-existent host/domain)

hiro yamada tokyolindy at hotmail.com
Tue Mar 13 12:57:22 UTC 2001


Hi there,
Hi Mark,

] From: Mark.Andrews at nominum.com

] I wrote:
] >
] > I have a problem installing bind8.2.3-REL on Solaris2.5.1/Intel86
] > as an upgrade from bind4.9.6-REL.   Its compilation was successful.
] > "/var/adm/messages" says the following.
] >
] > ---------------------------------------------------------------------------------
] > named[6991]: starting (/etc/named.conf).  named 8.2.3-REL Mon Mar 12
] > 11:46:05 JST 2001
] >         root at ns.xxxxxx.ne.jp:/usr/local/src/bind8.2.3/src/bin/named
] > named[6991]: hint zone "" (IN) loaded (serial 0)
] > named[6991]: Zone "0.0.127.in-addr.arpa" (file 0.0.127.in-addr.arpa): No
] > default TTL ($TTL <value>) set, using SOA minimum instead
]
] 	Use a $TTL directive to fix this.  See RFC 2308 and/or
] 	http://www.nominum.com/resources/faqs/bind-faq.html

] > >www.cdnow.com
] > Server:  localhost
] > Address:  127.0.0.1
] >
] > ;; res_mkquery(0, www.cdnow.com, 1, 1)
] > timeout (5 secs)
] > timeout (10 secs)
] > timeout (20 secs)
] > timeout (40 secs)
]
]       BIND 8 behaves like any other dns client and uses a system assigned
]       port to make queries.  Please ensure that your firewall allows these
]       through and the answers back.  You can also fix the port used for
]       UDP queries via query-source.

All right, I inserted a $TTL line into db files and got a syslog without
any error in it.   But I still was NOT able to resolve remote names.
Local names were fine.   Then, I removed a firewall and tried the
query again.  The result was GOOD!    Named resolved remote names at
last.

So, I'd like to know which ports I should open for bind8.2.3-REL.
When it was bind4.9.6-REL, I opened port 53 on tcp and udp which worked
well.  Do I need to open other ports too this time?

Thank you for your suggestions,

TL
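
Mark's point about system-assigned query ports, as an added example that is not part of the original message: a small Python model of a stateless filter (rule and packet shapes are constructed for illustration, not any firewall's syntax) showing why rules for local port 53 alone pass a server that queries from port 53 but time out one that queries from an assigned port. It assumes the old setup sent its queries from port 53, which is the behaviour `query-source address * port 53;` restores in BIND 8.

```python
# Added example: a model of a stateless packet filter, not a real firewall's syntax.
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src_port dst_port")
Rule = namedtuple("Rule", "direction proto src_ports dst_ports")

ANY = range(0, 65536)
DNS = range(53, 54)
HIGH = range(1024, 65536)   # unprivileged ports the OS may assign

def permits(rules, pkt):
    """True if any rule matches the packet (default deny)."""
    return any(r.direction == pkt.direction and r.proto == pkt.proto
               and pkt.src_port in r.src_ports and pkt.dst_port in r.dst_ports
               for r in rules)

def lookup_works(rules, query_src_port):
    """A lookup succeeds only if both the query and its answer pass the filter."""
    query = Packet("out", "udp", query_src_port, 53)
    answer = Packet("in", "udp", 53, query_src_port)
    return permits(rules, query) and permits(rules, answer)

# Constructed ruleset: "port 53 open" read as local port 53 only.
PORT_53_ONLY = [
    Rule("in", "udp", ANY, DNS),    # packets arriving at local port 53
    Rule("out", "udp", DNS, ANY),   # packets leaving from local port 53
]
# Same ruleset plus rules for a resolver that queries from an assigned port.
WITH_RESOLVER_RULES = PORT_53_ONLY + [
    Rule("out", "udp", HIGH, DNS),  # outbound queries from an unprivileged port
    Rule("in", "udp", DNS, HIGH),   # answers from remote port 53 back to that port
]

PINNED_PORT = 53        # what query-source address * port 53; gives
ASSIGNED_PORT = 32789   # constructed example of a system-assigned port

if __name__ == "__main__":
    for name, rules in [("port 53 only", PORT_53_ONLY),
                        ("with resolver rules", WITH_RESOLVER_RULES)]:
        for port in (PINNED_PORT, ASSIGNED_PORT):
            result = "resolves" if lookup_works(rules, port) else "times out"
            print(f"{name:20} src port {port:5}: {result}")
```

A stateful filter that tracks outbound queries gets the same result without a standing inbound rule. Pinning the source port with query-source instead gives up source-port variation as a defence against spoofed answers.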