forwarders not falling back to tcp
phn at icke-reklam.ipsec.nu
Thu Dec 2 22:46:31 UTC 2004
Edvard Tuinder <listbind at lunytune.nl> wrote:
> Hi,
> I have a number of nameservers which are within a DMZ and are using
> external nameservers for all external resolution. The configuration
> is as follows
> options {
> forwarders { 81.82.11.4; 81.82.11.7; };
> forward only;
> edns-udp-size 512;
> };
> For some reason the firewall between the internal and external nameservers
> stopped forwarding UDP dns requests, but TCP connections could still be
> made. But somehow bind-9.2.1 and bind-9.3.0 do not seem to try using TCP
> when used in this setup.
Fix the firewall. Better yet, remove forwarding.
> Is this expected behaviour or a bug? This also creeps up for edns
It's a bug in your firewall.
> packets I had to limit the advertised edns packet size to 512 bytes
> (due to, again, pix configuration issues), as bind does not seem to
> retry these via TCP either if the response requires more than 512 bytes.
> Any work around, other than fixing the pix?
"Fix the pix" ( hey it's rocks !)
> Thanks,
> -Ed
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.