BIND Refusing TCP Connections
Merton Campbell Crockett
m.c.crockett at roadrunner.com
Thu Jul 10 13:53:39 UTC 2008
Under what conditions might BIND refuse to accept TCP connections
while continuing to accept UDP-based DNS queries?
We have a group of financial systems that are shared between several
business units. The systems in this shared environment are on a stand-alone
network with dedicated circuits to each of the business units.
User authentication requires access to the Active Directory domain
controllers of the user's business unit.
Occasionally, some users in our business unit will be denied access
while others are allowed access.
During one of these incidents, tcpdump was used to capture network
traffic between the shared environment and our business unit. In the
shared environment the name server has a forward zone defined that
results in all DNS queries being forwarded to a single name server in
our business unit.
Analyzing the tcpdump data, I see that the name server in the shared
environment sends UDP-based DNS queries to our name server. Our name
server returns a truncated DNS reply. On receipt of the truncated DNS
reply, the name server in the shared environment attempts to establish
a TCP connection to our name server. In response to the TCP SYN
packet, our name server rejects the connection by sending a TCP
RST,SYN packet.
After several minutes, our name server starts to accept TCP
connections and everything continues normally. I don't know how long
our name server was refusing TCP connections as I am looking at a
tcpdump that was started after the incident was reported.
Merton Campbell Crockett
m.c.crockett at roadrunner.com
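The exchange described in the post (UDP query, reply with the TC bit set, TCP retry, RST on the SYN) can be reproduced from a client so that the two failure modes are told apart: a refused connection (RST, seen as ConnectionRefusedError) versus a silently dropped SYN (timeout). The script below is an added example, not code from the original post or from BIND; the server address in the `main` block is a placeholder, and `make_response` builds constructed sample replies so that everything except `probe()` runs offline.

```python
"""Reproduce the exchange from the post: UDP query, TC-bit reply, TCP retry.

Added diagnostic example (not from the original post). The server address
in the main block is a placeholder; replace it with the forwarding target
you are testing. Everything except probe() runs offline on constructed bytes.
"""
import socket
import struct

DNS_PORT = 53
FLAG_TC = 0x0200          # TC (truncated) bit in the DNS header flags word
FLAG_RD = 0x0100          # recursion desired
RCODE_MASK = 0x000F


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query (QTYPE 1 = A, class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Return (txid, truncated, rcode) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message (%d bytes)" % len(msg))
    txid, flags = struct.unpack("!HH", msg[:4])
    return txid, bool(flags & FLAG_TC), flags & RCODE_MASK


def make_response(txid, flags, question=b""):
    """Constructed sample response (header plus optional question), for offline use."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question


def diagnose(udp_response, tcp_outcome):
    """Classify one UDP-then-TCP exchange.

    tcp_outcome is None when no TCP retry was needed, the TCP response bytes
    when the retry succeeded, or the exception the TCP attempt raised.
    """
    _, truncated, _ = parse_header(udp_response)
    if not truncated:
        return "udp_ok"
    if isinstance(tcp_outcome, ConnectionRefusedError):
        return "tcp_refused"      # RST in reply to SYN: the symptom in the post
    if isinstance(tcp_outcome, (socket.timeout, TimeoutError)):
        return "tcp_timeout"      # SYN silently dropped (filter or firewall)
    if isinstance(tcp_outcome, (bytes, bytearray)):
        _, still_truncated, _ = parse_header(tcp_outcome)
        return "tcp_truncated" if still_truncated else "tcp_ok"
    return "tcp_error"


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed mid-message")
        buf += chunk
    return buf


def udp_query(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, DNS_PORT))
        return s.recv(4096)


def tcp_query(server, query, timeout=3.0):
    # DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2).
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)


def probe(server, qname):
    """Live check: does the server answer over TCP when its UDP reply is truncated?"""
    query = build_query(qname)
    udp_resp = udp_query(server, query)
    if not parse_header(udp_resp)[1]:
        return diagnose(udp_resp, None)
    try:
        tcp_outcome = tcp_query(server, query)
    except OSError as exc:        # ConnectionRefusedError, socket.timeout, ...
        tcp_outcome = exc
    return diagnose(udp_resp, tcp_outcome)


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"   # placeholder address
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com."
    print(probe(server, name))
```

Run it as `python probe_tcp.py <name-server> <name>` during an incident: `tcp_refused` matches the RST-on-SYN behaviour in the capture, while `tcp_timeout` points at packet filtering rather than the name server itself. Querying a name whose answer is large enough to exceed the UDP size the server advertises is what triggers the TC bit and therefore the TCP retry.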