firewall blocking 53
phn at icke-reklam.ipsec.nu
Wed Aug 7 17:45:36 UTC 2002
Armin Safarians <armin.safarians at safeway.com> wrote:
> Any ideas..?
> AMS :-)
> -----Original Message-----
> From: Armin M. Safarians [mailto:armin.safarians at safeway.com]
> Sent: Monday, August 05, 2002 3:59 PM
> To: bind users
> Subject:
> All --
> Problem: CheckPoint firewall blocking dns traffic.
> It seems like bind generates queries on the same
> high port (source) to port 53 (destination). Every time
> I bounce bind, it starts its queries from a new high
> port (source) to port 53 (destination). This high port
> stays the same until the next bounce.
> When the firewall sees a delay of more than 40
> seconds, it blocks all replies back to this high port.
> When I bounce bind, the new high port will work since
> there is no block.
> I hope this is not too confusing. Please shed some
> light if you get the basic problem here.
What exactly do you mean by "bounce bind"? Stop and restart?
You may control the port used by bind with:
"query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ] ;"
See your manpage for details.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.