Name Resolution issue with one domain

Matus UHLAR - fantomas uhlar at
Wed Mar 21 08:41:59 UTC 2012

On 21.03.12 09:23, Mark Andrews wrote:
>Stupid firewall rules in front of the nameservers.  They block
>traffic sent from port 53 which is the port lots of nameservers
>used to send query traffic.  When will firewall administrators learn
>that the source ports can be anything, that they are not significant,
>and that blocking traffic based on the source port is stupid.

maybe the admin set that up to force local servers using random ports, 
instead of 53, for outgoing requests. Nobody should use port 53 for 
_ougtoing_ requests.

>bsdi# dig -b
>09:13:17.909493 >  18071+$ [1au] A? ar: OPT UDPsize=4096 (49)
>09:13:22.918018 >  18071+$ [1au] A? ar: OPT UDPsize=4096 (49)
>09:13:27.928099 >  18071+$ [1au] A? ar: OPT UDPsize=4096 (49)
>; <<>> DiG 9.9.0rc2 <<>> -b
>;; global options: +cmd
>;; connection timed out; no servers could be reached

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of. 

More information about the bind-users mailing list