BIND Refusing TCP Connections

Merton Campbell Crockett m.c.crockett at roadrunner.com
Thu Jul 10 13:53:39 UTC 2008


Under what conditions might BIND refuse to accept TCP connections  
while continuing to accept UDP-based DNS queries?

We have a group of financial systems that are shared between several  
business units.  The systems in this shared environment are on a  
stand-alone network with dedicated circuits to each of the business units.   
User authentication requires access to the Active Directory domain  
controllers of the user's business unit.

Occasionally, some users in our business unit will be denied access  
while others are allowed access.

During one of these incidents, tcpdump was used to capture network  
traffic between the shared environment and our business unit.  In the  
shared environment the name server has a forward zone defined that  
results in all DNS queries being forwarded to a single name server in  
our business unit.

Analyzing the tcpdump data, I see that the name server in the shared  
environment sends UDP-based DNS queries to our name server.  Our name  
server returns a truncated DNS reply.  On receipt of the truncated DNS  
reply, the name server in the shared environment attempts to establish  
a TCP connection to our name server.  In response to the TCP SYN  
packet, our name server rejects the connection by sending a TCP  
RST,SYN packet.

After several minutes, our name server starts to accept TCP  
connections and everything continues normally.  I don't know how long  
our name server was refusing TCP connections as I am looking at a  
tcpdump that was started after the incident was reported.

Merton Campbell Crockett
m.c.crockett at roadrunner.com
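One way to triage a capture for the pattern described in the post, as an added example that is not part of the original message: the script below checks the TC bit in the DNS header of UDP replies and flags each TCP retry to port 53 that the server answered with RST rather than SYN,ACK. The addresses, ports and packet timeline are constructed sample data standing in for records decoded from a pcap.

```python
import struct

QR_BIT, TC_BIT = 0x8000, 0x0200   # DNS header flag bits: response, truncated
WINDOW = 5.0                       # seconds within which a TCP retry is expected

def dns_header(txid: int, flags: int) -> bytes:
    """Construct a bare 12-byte DNS header (constructed sample data, no records)."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

def is_truncated_reply(payload: bytes) -> bool:
    """True if a DNS message is a response with the TC bit set."""
    if len(payload) < 12:
        return False
    flags = struct.unpack("!H", payload[2:4])[0]
    return bool(flags & QR_BIT) and bool(flags & TC_BIT)

def find_refused_tcp_fallbacks(events):
    """events: (ts, proto, src, dst, sport, dport, data) tuples in any order;
    data is the UDP payload for 'udp' or a frozenset of TCP flag names for 'tcp'.
    Returns one record per TCP retry that the server answered with RST."""
    truncated_at, syn_at, incidents = {}, {}, []
    for ts, proto, src, dst, sport, dport, data in sorted(events, key=lambda e: e[0]):
        if proto == "udp" and sport == 53 and is_truncated_reply(data):
            truncated_at[dst] = ts                       # client just received TC=1
        elif proto == "tcp" and dport == 53 and data == {"SYN"}:
            t = truncated_at.get(src)
            if t is not None and ts - t <= WINDOW:       # retry over TCP after truncation
                syn_at[src] = ts
        elif proto == "tcp" and sport == 53 and "RST" in data:
            t = syn_at.pop(dst, None)
            if t is not None:
                incidents.append({"client": dst, "server": src, "ts": ts})
        elif proto == "tcp" and sport == 53 and data == {"SYN", "ACK"}:
            syn_at.pop(dst, None)                        # connection accepted, not an incident
    return incidents

SHARED, OURS = "10.1.1.53", "10.2.2.53"   # constructed addresses for the two resolvers
SAMPLE_EVENTS = [
    (0.00, "udp", SHARED, OURS, 40001, 53, dns_header(0x1a2b, 0x0100)),            # query
    (0.01, "udp", OURS, SHARED, 53, 40001, dns_header(0x1a2b, QR_BIT | TC_BIT)),  # truncated reply
    (0.02, "tcp", SHARED, OURS, 40002, 53, frozenset({"SYN"})),                    # TCP retry
    (0.03, "tcp", OURS, SHARED, 53, 40002, frozenset({"RST", "ACK"})),             # refused
    (300.0, "udp", SHARED, OURS, 40003, 53, dns_header(0x3c4d, 0x0100)),
    (300.1, "udp", OURS, SHARED, 53, 40003, dns_header(0x3c4d, QR_BIT | TC_BIT)),
    (300.2, "tcp", SHARED, OURS, 40004, 53, frozenset({"SYN"})),
    (300.3, "tcp", OURS, SHARED, 53, 40004, frozenset({"SYN", "ACK"})),           # accepted later
]

if __name__ == "__main__":
    for hit in find_refused_tcp_fallbacks(SAMPLE_EVENTS):
        print(f"t={hit['ts']:.2f}s {hit['server']} refused TCP fallback from {hit['client']}")
```

On the sample timeline only the first exchange is reported; the later one, where the server answers SYN,ACK, is the recovered state the post describes.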