icmp problem

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 13 22:19:35 UTC 2001


Hmmm... I don't think that will make a difference. I don't believe named uses the
services database to determine what port to listen on by default. If it did, then
I'd say that those ICMP packets were probably "port unreachable"s. But since named
is probably listening to port 53 regardless of what you do with your services
database, there would be no "port unreachable"s, so this doesn't explain the
ICMP packets.

BTW, according to the RFC's, the recommended transport for ordinary DNS queries
and responses is UDP. So what is it that you are trying to accomplish, that would
be worth violating the RFC recommendation?


- Kevin

Tom Nichols wrote:

> FWIW, we comment out the named UDP call in the services for all our DNS
> servers...TCP only (BSDI)
>
> Kevin Darcy wrote:
>
> > I'm sure named isn't sending ICMP packets deliberately. I consider it far
> > more likely that named's UDP packets are somehow triggering the networking
> > code in HP-UX to generate the ICMP packets, although offhand I can't imagine
> > how or why. Can you look at the ICMP packets to see what kind they are (echo
> > request/reply, source quench, redirect, timestamp or whatever)? Maybe there's
> > some configuration setting in HP-UX that would turn them off.
> >
> > - Kevin
> >
> > Hasan Övüç wrote:
> >
> > > Hi everyone,
> > >
> > >         I use bind-8.2.3 on HP-UX 11.00. Dns server is behind the firewall
> > > and dns server drops all icmp packets for security.An interesting thing, i
> > > see from firewall logs that dns server sends icmp packets for all queries.
> > > Although, all queries are done successfull. This is fairly meaningless.
> > >         A short time ago, i searched mailing list archive of bind and i
> > > don't find sufficient answer. I request your help.
>
> -- Binary/unsupported file stripped by Listar --
> -- Type: text/x-vcard
> -- File: tomn.vcf
> -- Desc: Card for Tom Nichols





More information about the bind-users mailing list