firewall blocking 53
David Botham
dns at botham.net
Wed Aug 7 17:35:22 UTC 2002
Or maybe you could investigate the query-source option in named.conf.
You should find the details in the ARM or man page for named.conf...
Dave...
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Pete Ehlke
> Sent: Wednesday, August 07, 2002 1:23 PM
> To: Armin Safarians
> Cc: bind users
> Subject: Re: firewall blocking 53
>
>
> On Wed, Aug 07, 2002 at 09:54:36AM -0700, Armin Safarians wrote:
> >
> > Any ideas..?
> > AMS :-)
>
> Well, I'd say this is either a... ummm... feature... of Firewall-1, or
> your firewall is poorly configured. If it's dynamically blocking ports
> based on the fact that some outbound connections time out, then you'll
> have to either configure it not to do that, or deal with the
> consequences.
>
> -P.
>
> >
> > -----Original Message-----
> > From: Armin M. Safarians [mailto:armin.safarians at safeway.com]
> > Sent: Monday, August 05, 2002 3:59 PM
> > To: bind users
> > Subject:
> >
> >
> > All --
> > Problem: CheckPoint firewall blocking dns traffic.
> >
> > It seems like bind generates queries on the same
> > high port (source) to port 53 (destination). Every time
> > I bounce bind, it starts its queries from a new high
> > port (source) to port 53 (destination). This high port
> > stays the same until the next bounce.
> >
> > When the firewall sees a delay of more than 40
> > seconds, it blocks all replies back to this high port.
> > When I bounce bind, the new high port will work since
> > there is no block.
> >
> > I hope this is not too confusing. Please shed some
> > light if you get the basic problem here.
> >
>
> > AMS :-)
> >
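The query-source option Dave points at, shown as an added named.conf fragment that is not part of the thread; the values are illustrative and assume a BIND 9 configuration of this era.

```conf
// Added example, not from the thread: the options{} block that controls
// the source address and port named uses for its own outbound queries.
options {
    // The behaviour described in the thread: with the port omitted or
    // set to "*", named picks one unprivileged port when it starts and
    // reuses it for every outbound query until the next restart.
    // query-source address * port *;

    // Pinning the source port makes the outbound flow symmetric
    // (53 -> 53), which is what a firewall rule set written around
    // "port 53 on both ends" expects to see.
    query-source address * port 53;
    query-source-v6 address * port 53;
};
```

A single fixed source port removes one of the few unpredictable values in an outbound query, which is why later BIND releases randomise the port per query; treat pinning it as a firewall workaround to be revisited, not as a default.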