forwarders not falling back to tcp

phn at phn at
Thu Dec 2 22:46:31 UTC 2004

Edvard Tuinder <listbind at> wrote:
> Hi,

> I have a number of nameservers which are within a DMZ and are using
> external nameservers for all external resolution. The configuration
> is as follows

> options {
>   forwarders {;; };

>   forward only;

>   edns-udp-size 512;
> };

> For some reason the firewall between the internal and external nameserv=
> stopped forwarding UDP dns requests, but TCP connections could still be
> made. But somehow bind-9.2.1 and bind-9.3.0 do not seem to try using TC=
> when used in this setup.

Fix the firewall. Better yet, remove forwarding.

> Is this expected behaviour or a bug? This also creeps up for edns

It's a bug in your firewall.=20

> packets I had to limit the advertised edns packet size to 512 bytes
> (due to, again, pix configuration issues), as bind does not seem to
> retry these via TCP either if the response requires more than 512 bytes.

> Any work around, other then fixing the pix?
"Fix the pix" ( hey it's rocks !)

> Thanks,

> -Ed

Peter H=E5kanson        =20
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out=
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list