Z flag is different from 0
David Botham
DBotham at OptimusSolutions.com
Tue Nov 30 15:12:10 UTC 2004
bind-users-bounce at isc.org wrote on 11/30/2004 08:54:12 AM:
> Hi -
>
> I'm running ISC's bind 9.3.0 on Solaris 9. I have two servers (master
> and secondary), which support a dozen (+/-) domains. We recently
> upgraded our firewall to CheckPoint with their SmartDefense product. (We
> had been running an older Gauntlet firewall)
I typically turn off the DNS checking in SmartDefense.
hth,
dave...
>
> My issue is that SmartDefense is alerting on our outgoing DNS queries,
> saying "Bad DNS Headers, Z flag is different from 0". I've looked at
> RFC2929, which says:
>
> --quote--
> 2.1 One Spare Bit?
>
> There have been ancient DNS implementations for which the Z bit being
> on in a query meant that only a response from the primary server for
> a zone is acceptable. It is believed that current DNS
> implementations ignore this bit.
>
> Assigning a meaning to the Z bit requires an IETF Standards Action.
> ---------
>
> Should I be looking for a way to configure bind to not set the Z flag?
> Or is there some other solution to this issue?
>
> Thanks in advance.
>
>
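
An added example, not part of the original thread: a small Python decoder for the 12-byte DNS header that shows which bit of the flags word is actually set when an alert like the one quoted above fires. The bit layout is the one in RFC 2929 section 2; the sample headers are constructed, and whether a given inspection engine tests only the spare Z bit or the older three-bit reserved field of RFC 1035 is an assumption the code does not resolve, so it reports both.

```python
import struct

# Masks in the 16-bit DNS header flags word (layout per RFC 2929 section 2).
QR, RD = 0x8000, 0x0100
Z_SPARE = 0x0040               # the "one spare bit" of RFC 2929 section 2.1
AD = 0x0020                    # Authentic Data (DNSSEC)
CD = 0x0010                    # Checking Disabled (DNSSEC)
Z_RFC1035 = Z_SPARE | AD | CD  # the original three-bit reserved field


def decode_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header and classify the reserved bits."""
    if len(packet) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(packet))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "is_response": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "rd": bool(flags & RD),
        "z_spare": bool(flags & Z_SPARE),
        "ad": bool(flags & AD),
        "cd": bool(flags & CD),
        "old_z_field": (flags & Z_RFC1035) >> 4,  # value under the 3-bit reading
        "counts": (qd, an, ns, ar),
    }


def explain(packet: bytes) -> str:
    """One-line verdict on which reserved-area bit is set, if any."""
    h = decode_header(packet)
    if h["z_spare"]:
        return "spare Z bit (0x0040) is set"
    if h["ad"] or h["cd"]:
        return "spare Z bit clear; AD/CD set (non-zero only under the 3-bit reading)"
    return "all three bits clear"


# Constructed sample headers: id, flags, QDCOUNT=1, other counts 0.
SAMPLE_PLAIN = struct.pack("!6H", 0x1234, RD, 1, 0, 0, 0)
SAMPLE_CD = struct.pack("!6H", 0x1234, RD | CD, 1, 0, 0, 0)
SAMPLE_Z = struct.pack("!6H", 0x1234, RD | Z_SPARE, 1, 0, 0, 0)

if __name__ == "__main__":
    for name, pkt in [("plain", SAMPLE_PLAIN), ("cd", SAMPLE_CD), ("z", SAMPLE_Z)]:
        print(name, "->", explain(pkt))
```

Feed it the first 12 bytes of the DNS payload from a capture of the query that triggered the alert.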