Recursive queries fail if query source port is not fixed

Hans F. Nordhaug Hans.F.Nordhaug at hiMolde.no
Thu Aug 14 01:09:41 UTC 2008


* Hans F. Nordhaug <Hans.F.Nordhaug at hiMolde.no> [2008-08-14]:
> * Jeff Lightner <jlightner at water.com> [2008-08-13]:
> > My guess is you have a firewall that is only allowing port 53 outbound.
> > 
> > Are you running iptables?  If so does turning it off temporarily resolve
> > the issue?  Is there a firewall/switch upstream from your server that
> > needs to be adjusted?
> > 
> > We're running RHEL 5 with 9.3.4-P1 and it works fine here without the
> > query port specified.   
> 
> Thx for replying. As stated in the e-mail iptables does nothing[1]
> and the Cisco router has no rules that limits traffic to port 53.
> I just tested with "query-source port 40053;" and it worked without
> any problems. (I even used tcpdump to verify that Bind used 40053
> and not 53.) So the problem remains - recursive queries fail if the
> query source port isn't fixed. (Any allowed fixed port number is OK.)

Hm, I just read the "domain cannot resolve" thread:

  Sounds a lot like the old "no query restart" behavior of BIND 8. It
  would get part of the way through iterative resolution, then just stop
  and wait for the client to time out and retry. Yuck.

I tried to repeat the same query multiple times and finally it
resolved ... I'm not forwarding (explicitly) to a BIND 8 server.
However, this machine is a slave and the master is actually BIND 8.

The tcpdump captures don't show any forwarding ...

Hans

