multiple queries causing problems with PIX.

Joel jc517 at wmi.com
Fri Apr 23 18:43:27 UTC 2004


Hi,

I'm having a problem with my PIX when bind makes multiple queries in
quick succession. On the inside of the firewall we are running
an old and dusty 8.4.4. If this forwards more than one request to
the outside system then only the first response gets back in.
The firewall blocks the rest. I have dns fixup turned off but
you can't bypass DNS Guard. Has anyone else seen this problem?
Is there a workaround I can use? I suppose I could, dare I
say it, use a different port to sidestep part of the problem.
It would still be an issue when I query a root server or my
ISP.

Should I just ignore this? It seems like things are working and
when a response gets dropped bind picks a different server and
tries again. It only seems to do this for some of the dropped
responses. If it's safe to ignore it I'll try to configure the
PIX not to log these warnings and just pretend it never happened.

Thanks for any light you can shed on this.
  - Joel
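
Added example, not part of the original post: a simplified Python model of the symptom described above. It assumes DNS Guard closes the UDP connection slot as soon as the first reply arrives, and that the resolver sends every query to a given server from one fixed source port. The addresses, class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed addresses (documentation ranges); not taken from the post.
RESOLVER = ("192.0.2.10", 53)     # inside BIND host, fixed query source port (assumption)
UPSTREAM = ("198.51.100.53", 53)  # outside name server


@dataclass
class DnsGuardModel:
    """Simplified model: one UDP slot per address/port pair, removed on first reply."""
    conns: set = field(default_factory=set)

    def outbound_query(self, src, dst):
        # An outbound query creates the slot, or reuses the one already open.
        self.conns.add((src, dst))

    def inbound_reply(self, src, dst):
        # A reply is permitted only while a slot exists for the reverse flow.
        key = (dst, src)
        if key in self.conns:
            self.conns.discard(key)  # assumed DNS Guard step: close slot after first reply
            return "permit"
        return "deny"                # this is what would appear as a logged drop


def replay(events):
    """Run ('q'|'r', query_id) events through a fresh model; return reply verdicts by id."""
    fw = DnsGuardModel()
    verdicts = {}
    for kind, qid in events:
        if kind == "q":
            fw.outbound_query(RESOLVER, UPSTREAM)
        else:
            verdicts[qid] = fw.inbound_reply(UPSTREAM, RESOLVER)
    return verdicts


# Three queries sent back to back; the replies arrive afterwards.
BURST = [("q", 1), ("q", 2), ("q", 3), ("r", 1), ("r", 2), ("r", 3)]
# Same three queries, but each reply arrives before the next query leaves.
SERIAL = [("q", 1), ("r", 1), ("q", 2), ("r", 2), ("q", 3), ("r", 3)]

if __name__ == "__main__":
    print("burst :", replay(BURST))
    print("serial:", replay(SERIAL))
```

In this model the drops depend only on timing: a reply is denied when an earlier reply on the same address/port pair has already closed the slot and no new query has reopened it.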


More information about the bind-users mailing list