doesn't resolve behind the firewall

Simon Waters Simon at wretched.demon.co.uk
Sat Jul 6 10:07:28 UTC 2002


Paulo Ricardo wrote:
> 
> I don't know if this feature is the special feature of the last
> version of bind.

Nothing firewall-related changed between 9.1 and 9.2.1 AFAIK;
this is probably a configuration issue with firewalling.
 
> I configured the dns server (redhat-7.3+bind-9.2.1) with the invalid
> ip, that accesses the internet through the firewall. But it resolves only
> the names of your database, doesn't resolve external names. The
> firewall lets this machine access the internet only by port 53.

Depends on the specific rules... Whilst queries are to port 53
on the remote machine, by default the query will be from the
anonymous port range.

Typically this is: source port >53, destination port =53

Some admins reorganise this so that the "query source" port is
53 as well; this was done by very ancient versions of BIND.

> ps. in the same network, there is another dns server (redhat+bind-9.1.0)
> that resolves the names correctly.

I'd go see if there are any "port" statements in the named.conf
of that server, or speak with your firewall admin to see what is
failing.

Real firewalls proxy DNS ;)
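
Added example, not part of the original message and not BIND's own code: a Python sketch of the check suggested above. It lists every statement in a named.conf that carries a "port" clause and reports whether query-source pins the outgoing port. Both configuration fragments and all function names are constructed for illustration.

```python
import re

# Quoted strings are matched first so "//" or "#" inside a path is not
# mistaken for a comment; named.conf accepts /* */, // and # comments.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def _clean(text):
    """Blank out comments and string contents, keeping statement structure."""
    return _SKIP.sub(lambda m: '""' if m.group(0)[0] == '"' else " ", text)

def port_statements(conf_text):
    """Return (statement keyword, port) for every statement with a port clause."""
    found = []
    for chunk in re.split(r"[;{}]", _clean(conf_text)):
        words = chunk.split()
        if "port" in words[:-1]:
            found.append((words[0], words[words.index("port") + 1]))
    return found

def fixed_query_port(conf_text):
    """Port pinned by query-source, or None when BIND chooses the source port
    itself (no query-source port clause, or 'port *')."""
    for keyword, port in port_statements(conf_text):
        if keyword == "query-source" and port != "*":
            return int(port)
    return None

# Constructed named.conf fragments for illustration, not taken from the thread.
DEFAULT_CONF = """
options {
    directory "/var/named";      // zone files
    # query-source address * port 53;
    listen-on port 53 { 127.0.0.1; 10.0.0.5; };
};
"""
PINNED_CONF = """
options {
    directory "/var/named//zones";
    /* pin outgoing queries so the
       firewall rule matches */
    query-source address * port 53;
};
"""

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("pinned", PINNED_CONF)):
        print(name, port_statements(conf), "query source port:",
              fixed_query_port(conf) or "chosen by BIND (unprivileged range)")
```

Run against both servers' named.conf, a difference in the reported query source port shows which firewall rule each server depends on. A server pinned to one source port sends every query from that port, so it gives up source-port randomization.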

