Recursive queries fail if query source port is not fixed
Hans F. Nordhaug
Hans.F.Nordhaug at hiMolde.no
Sat Aug 16 07:49:01 UTC 2008
* Steven Stromer <filter at stevenstromer.com> [2008-08-15]:
> I doubt that this is at all pertinent, but I was experiencing similar
> behavior once I patched a client a few weeks ago and took them off
> port 53. Recursive requests were failing three out of every four
> times they were made, yet digs with trace worked. The company uses a
> crappy Netgear firewall that I can't wait to trash. However, the fix
> ended up coming from turning off TCP and UDP flood protection on the
> firewall. In this case the firewall was located between a DMZ area
> and the company LAN, with the recursive nameserver located in the
> DMZ, so the network was probably slightly different...

This is exactly our network setup!

> However, the symptoms sound so familiar that I thought I'd mention
> it. Maybe your Cisco router is interpreting all the randomized UDP
> activity as a flood. Apologies if this is off track with your issue
> - good luck finding a fix!

I'll test this on Monday and report back - thanks a lot for the
suggestion.

Hans

PS! I wasn't at work yesterday so I haven't been able to test the
suggestions I got on Thursday. I'll report back here when/if I find a
solution.