query id=1?

[Barry Margolin]

In article <c22q17$1ak1$1 at sf1.isc.org>,
 hennessy at earl-grey.cloud9.net (hennessy) wrote:

> 	So is test.dnsstuff.com setting its query id to 1 for a
> particular reason (can clients set their own query id)?  Is there an
> issue with bind that prohibits or chokes on a query id of 1?  Apparently 

Query ID's are arbitrary, and only need to be unique among queries with 
the same source address and port.  Resolver clients don't usually set 
this, but it's possible to do so by modifying the _res structure used by 
Unix libresolve, or by constructing DNS query packets by hand (my guess 
is that this is what dnsstuff.com does, and he just picked ID=1 for lack 
of anything better to use).  The server shouldn't care about the query 
ID at all; all it's supposed to do is copy the ID from the query into 
the reply, so that the client can match it up with the queries it sent 
(if different source ports were used, the client can use the port number 
as the differentiator, which is why the query ID's don't have to be 
unique).

> one of our clients uses a mail provider that runs Exchange on the 
> Internet, who's having similar failures to resolve our IPs.  Is there 
> something I'm missing in my BIND config that other BINDs silently ignore?  
> From what I've heard, nobody else has this issue.

A common issue with Exchange is that it uses TCP for its MX queries, 
rather than UDP.  If you're blocking TCP port 53 to your server (as it 
appears you are), this could cause problems with Exchange.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA