Check Point Firewall-1 dropping return Bind 9.2.2.rc1 dns packets

Mark_Andrews at isc.org
Mon Feb 17 23:36:36 UTC 2003


> 
> We are experiencing problems related to bind 9.2.2.rc1 and
> checkpoint firewall-1.
> 
> Some of the return dns packets are being partially dropped at the
> firewall for a reason unknown to me, others are allowed to pass as expected.
> Our firewall admin is telling me that checkpoint is dropping on rule 0, as
> if it is no longer in the state table.
> 
> When using dig to look up hostnames against a bind 9 server the initial
> request times out but then another immediate request of the same address
> shows that the data has been cached, and thus the requested is returned.
> 
> If the timeout value used with dig is increased (say to 60) this will also
> produce the desired result.
> 
> We only see this problem with the bind 9 servers in the environment.
> Machines running queries against bind 4 servers do not suffer this fate.
> 
> Can anyone offer suggestions to fix or work around this
> problem? Thanks.
> 
	Named will try recursive queries for 90 seconds before giving
	up.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

