Found solution, need explanation :)

Barry Margolin barmar at alum.mit.edu
Sat Oct 7 00:50:52 UTC 2006


In article <eg50tt$uq8$1 at sf1.isc.org>,
 Mats Fredholm <mats.fredholm at glocalnet.com> wrote:

> Hi folks,
> with a setup of caching bind (9.2.3 & 9.3.2-P1) servers I had configured
> to use option 'query-source address * port 53;' to be sure not to
> stumble into problems with our firewall.

Why not just fix your firewall configuration?

> It took a long time for me to find out that this was instead causing problems.
> The caching server is NAT'ed with no open ways from outside to it,
> but surely asking a question it should get a reply?
> Querying some servers, I did not get any reply, most worked fine though.
> (saw (snoop) queries sent out)
> There is probably a simple explanation here? RTFM?

I've occasionally run into sites that block incoming DNS queries that 
have a low-numbered source port.  So if you're trying to query domains 
that they host, your queries will never get to the servers.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
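The symptom discussed in this thread (a resolver pinned to source port 53 by 'query-source address * port 53;' getting no answers from some remote servers) can be spotted from a capture of the resolver's outbound queries. The script below is an added example, not code from the thread or from BIND; it parses constructed tcpdump-style lines (the poster used snoop, whose format differs) with a placeholder resolver address and flags both a single pinned source port and a port below 1024.

```python
import re
from collections import Counter

# Constructed tcpdump-style lines for a caching resolver at 192.0.2.10
# (placeholder address); the first trace shows the pinned-port case from
# the thread, the second the default behaviour with ephemeral source ports.
PINNED_TRACE = """\
00:50:52.000001 IP 192.0.2.10.53 > 198.51.100.5.53: 12345+ A? example.net. (29)
00:50:52.000002 IP 192.0.2.10.53 > 203.0.113.7.53: 12346+ A? example.org. (29)
00:50:52.000003 IP 192.0.2.10.53 > 198.51.100.5.53: 12347+ MX? example.net. (30)
00:50:52.000004 IP 198.51.100.5.53 > 192.0.2.10.53: 12345 1/0/0 A 198.51.100.20 (45)
"""
RANDOM_TRACE = """\
00:50:52.000001 IP 192.0.2.10.41234 > 198.51.100.5.53: 12345+ A? example.net. (29)
00:50:52.000002 IP 192.0.2.10.59876 > 203.0.113.7.53: 12346+ A? example.org. (29)
00:50:52.000003 IP 192.0.2.10.33021 > 198.51.100.5.53: 12347+ MX? example.net. (30)
"""

# Matches only query lines (qtype followed by '?'); replies do not match.
QUERY_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): \d+\+? \w+\? "
)

def outbound_source_ports(trace, resolver_ip):
    """Count the UDP source ports the resolver uses for its own queries to port 53."""
    ports = Counter()
    for line in trace.splitlines():
        m = QUERY_RE.search(line)
        if m and m["src"] == resolver_ip and m["dport"] == "53":
            ports[int(m["sport"])] += 1
    return ports

def assess_source_ports(trace, resolver_ip):
    """Flag a single pinned source port and any port below 1024, the two
    conditions that make remote firewalls drop the replies."""
    ports = outbound_source_ports(trace, resolver_ip)
    return {
        "queries": sum(ports.values()),
        "distinct_ports": len(ports),
        "pinned": len(ports) == 1 and sum(ports.values()) > 1,
        "low_numbered": sorted(p for p in ports if p < 1024),
    }

if __name__ == "__main__":
    for name, trace in (("pinned", PINNED_TRACE), ("random", RANDOM_TRACE)):
        print(name, assess_source_ports(trace, "192.0.2.10"))
```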