Ipchains - Bind - Resolution Inconsistencies

Walt Howard howard at rumba.ee.ualberta.ca
Thu Oct 2 18:54:12 UTC 2003


In article <blhpoo$tpm$1 at sf1.isc.org>,
In article <blho20$s4j$1 at sf1.isc.org>, J Laub  <laubj at lakesoft.net> wrote:
>
>We are experiencing an odd problem with the use of ipchains and 
>bind.  When the firewall is active, several name servers are totally 
>unable to resolve any names on our dns.  When the firewall is stopped 
>all dns is resolved without incident.  Am I doing something wrong?  Does 
>bind use any other odd ports?
>
>This should accept from external to fw:??
>
>ipchains -A input -i eth1 -s ! 10.0.0.x 1024:65535 -d 199.86.44.xxx 53 \
>    -p udp -j ACCEPT
>
>ipchains -A output -i eth1 -s 199.86.44.xxx 53 -d ! 10.0.0.x 1024:65535 \
>    -p udp -j ACCEPT

Your firewall is blocking tcp.  If your resource record sets are too
large to fit in a 512-byte udp response, they will be marked as truncated
and most clients will retry using tcp (which your firewall blocks).


-- 
Walt Howard                         /"\  ASCII Ribbon Campaign
InterNet: whoward at ieee.org          \ /  No HTML in mail or news!
BellNet: +1 780 492 6306             X
                                    / \
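
The failure mode Walt describes, worked through as an added example (not code from the thread or from BIND): a server builds an answer that does not fit in the classic 512-byte UDP payload, keeps only what fits and sets the TC bit, and the stub resolver reacts by retrying over TCP with the 2-byte length prefix. The name, the addresses and the `tcp_allowed` switch are constructed for this example; `tcp_allowed=False` stands in for the ipchains rule set above, which accepts port 53 over UDP only.

```python
import struct

# RFC 1035 limits: 512-byte UDP payload (no EDNS), 2-byte length prefix over TCP.
UDP_MAX = 512
FLAG_QR = 0x8000  # response
FLAG_TC = 0x0200  # truncated
TYPE_A, CLASS_IN = 1, 1

# Constructed sample data for this example (not taken from the thread).
QNAME_BIG = "big.example.com"
ADDRS_BIG = ["10.0.0.%d" % i for i in range(1, 41)]   # 40 A records: cannot fit in 512 bytes
QNAME_SMALL = "small.example.com"
ADDRS_SMALL = ["10.0.0.%d" % i for i in range(1, 6)]  # 5 A records: fits in one UDP datagram

def encode_name(name):
    """Uncompressed wire-format name: length-prefixed labels, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def a_record(qname, addr):
    """One A RR: owner name, TYPE, CLASS, TTL, RDLENGTH, 4-byte RDATA."""
    rdata = bytes(int(o) for o in addr.split("."))
    return encode_name(qname) + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, len(rdata)) + rdata

def build_response(txid, qname, addrs, limit=None):
    """Server side. Append whole RRs while the message stays within `limit`; if any RR
    had to be left out, set TC so the client knows to retry over TCP. (A real server
    may drop the whole RRset instead of part of it; TC is set either way.)"""
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    flags, body, size = FLAG_QR, [], 12 + len(question)
    for addr in addrs:
        rr = a_record(qname, addr)
        if limit is not None and size + len(rr) > limit:
            flags |= FLAG_TC
            break
        body.append(rr)
        size += len(rr)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(body), 0, 0)
    return header + question + b"".join(body)

def udp_response(txid, qname, addrs):
    return build_response(txid, qname, addrs, limit=UDP_MAX)

def tcp_response(txid, qname, addrs):
    msg = build_response(txid, qname, addrs)   # no 512-byte limit over TCP
    return struct.pack("!H", len(msg)) + msg   # TCP framing: 2-byte length, then message

def is_truncated(msg):
    """Client side: the TC flag lives in the second header word."""
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)

def skip_name(msg, off):
    """Advance past a wire-format name (handles a compression pointer, although none are produced here)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_a_records(msg):
    """Client side: return the IPv4 strings found in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve(qname, addrs, tcp_allowed):
    """Stub resolver behaviour: UDP first; if TC is set, retry the same query over TCP.
    Returns (transport used, list of addresses, or None when the TCP retry was blocked)."""
    udp = udp_response(0x1234, qname, addrs)
    if not is_truncated(udp):
        return ("udp", parse_a_records(udp))
    if not tcp_allowed:
        return ("tcp", None)                   # SYN to port 53 dropped by the firewall: no answer at all
    framed = tcp_response(0x1234, qname, addrs)
    (length,) = struct.unpack("!H", framed[:2])
    return ("tcp", parse_a_records(framed[2:2 + length]))

if __name__ == "__main__":
    print(resolve(QNAME_SMALL, ADDRS_SMALL, tcp_allowed=False))   # small answer works over UDP alone
    print(resolve(QNAME_BIG, ADDRS_BIG, tcp_allowed=False))       # TC set, TCP blocked: resolution fails
    print(resolve(QNAME_BIG, ADDRS_BIG, tcp_allowed=True))        # TC set, TCP allowed: full answer
```

With the sample data the 40-record answer is cut to 15 records (498 bytes) with TC set, so a resolver that cannot reach port 53 over TCP gets nothing usable, while the 5-record answer resolves over UDP regardless. The practical fix for the rule set in the question is a matching pair of rules with `-p tcp` beside the `-p udp` ones; zone transfers (AXFR/IXFR) need TCP/53 as well, so secondaries behind the same firewall would be affected too.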

