query problem ?? - B root Server

Ronan Flood ronan at noc.ulcc.ac.uk
Tue Feb 22 17:56:31 UTC 2005


"rene mathis" <rene at solosaina.ch> wrote:

> I also tried to force the source port for queries to be 53. 
> The reason is that if there were responses from b.root-servers.net they came
> to a high port (the same as the source port) and from another IP address 
> (192.228.79.200/2/3) than the query was sent to (192.228.79.201). And so the
> answer from the root server was dropped by our firewall. Since I have changed
> the source port to be 53, the response comes back to port 53 as well and it
> gets through our firewall.

Interesting, I see blocked UDP from 192.228.79.200/2/3 port 53
in my firewall logs.

> Maybe there are better solutions for this problem?

Should b.root-servers.net be doing this?  Even getting past the
firewall, I'd expect the receiving resolver to drop the response
as coming from an unexpected source.

-- 
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)
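
The following sketch is an added example, not part of the original message and not BIND's code. It shows the kind of acceptance check a resolver applies before trusting a UDP response, which is why a reply from 192.228.79.200 to a query sent to 192.228.79.201 would be dropped even if the firewall passed it. The client address, port, transaction ID and all function names are assumptions made for the illustration.

```python
import struct
from typing import NamedTuple, Optional

class Datagram(NamedTuple):
    src: tuple   # (ip, port) the packet came from
    dst: tuple   # (ip, port) the packet was sent to
    payload: bytes

def build_dns(txid: int, qname: str, qtype: int, response: bool) -> bytes:
    """Minimal DNS message: header plus one question (used for the sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x8000 if response else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_dns(payload: bytes):
    """Return (txid, is_response, question) for a one-question message."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    pos = 12
    while payload[pos]:                 # walk the labels up to the root label
        pos += 1 + payload[pos]
    if qdcount != 1 or pos + 5 > len(payload):
        raise ValueError("bad question section")
    return txid, bool(flags & 0x8000), payload[12:pos + 5]

def check_response(query: Datagram, reply: Datagram) -> Optional[str]:
    """None if the reply matches the outstanding query, else the reason to drop it."""
    if reply.src[0] != query.dst[0]:
        return "source address is not the server queried"
    if reply.src[1] != query.dst[1]:
        return "source port is not the port queried"
    if reply.dst != query.src:
        return "not addressed to the socket that sent the query"
    try:
        q_id, _, q_question = parse_dns(query.payload)
        r_id, is_resp, r_question = parse_dns(reply.payload)
    except (ValueError, IndexError, struct.error):
        return "malformed message"
    if not is_resp:
        return "QR bit not set"
    if r_id != q_id:
        return "transaction ID mismatch"
    return None if r_question == q_question else "question section mismatch"

# Constructed sample: the client address/port and transaction ID are made up;
# the server addresses are the ones quoted in the thread.
CLIENT, QUERIED, OTHER = ("192.0.2.10", 33012), ("192.228.79.201", 53), ("192.228.79.200", 53)
QUERY = Datagram(CLIENT, QUERIED, build_dns(0x1A2B, ".", 2, response=False))
GOOD = Datagram(QUERIED, CLIENT, build_dns(0x1A2B, ".", 2, response=True))
OFF_SOURCE = Datagram(OTHER, CLIENT, build_dns(0x1A2B, ".", 2, response=True))
```

`check_response(QUERY, OFF_SOURCE)` returns the source-address reason even though the transaction ID and question match, while `check_response(QUERY, GOOD)` returns `None`.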


