Found solution, need explanation :)
barmar at alum.mit.edu
Sat Oct 7 00:50:52 UTC 2006
In article <eg50tt$uq8$1 at sf1.isc.org>,
Mats Fredholm <mats.fredholm at glocalnet.com> wrote:
> Hi folks,
> with a setup of a caching bind (9.2.3 & 9.3.2-P1) servers I had configured
> to use option 'query-source address * port 53;' to be sure not to
> stumble into
> problems with our firewall.
Why not just fix your firewall configuration?
> I took long time for me to find out that this was instead causing problems.
> The cacheing server is NAT'ed with no open ways from outside to it,
> but surely asking a question it should get a reply?
> Querying some servers, I did not get any reply, most worked fine though.
> (saw (snoop) queries sent out)
> There is probably a simle explanation here? RTFM?
I've occasionally run into sites that block incoming DNS queries that
have a low-numbered source port. So if you're trying to query domains
that they host, your queries will never get to the servers.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users