firewall blocking 53

Armin Safarians armin.safarians at safeway.com
Wed Aug 7 17:45:31 UTC 2002


I just wanted to confirm that BIND will initiate its queries from the
same high port every time, correct?

AMS :-)

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Pete Ehlke
Sent: Wednesday, August 07, 2002 10:23 AM
To: Armin Safarians
Cc: bind users
Subject: Re: firewall blocking 53



On Wed, Aug 07, 2002 at 09:54:36AM -0700, Armin Safarians wrote:
> 
> Any ideas..?
> AMS :-)

Well, I'd say this is either a... ummm... feature... of Firewall-1, or
your firewall is poorly configured. If it's dynamically blocking ports
based on the fact that some outbound connections time out, then you'll
have to either configure it not to do that, or deal with the
consequences.

-P.

> 
> -----Original Message-----
> From: Armin M. Safarians [mailto:armin.safarians at safeway.com]
> Sent: Monday, August 05, 2002 3:59 PM
> To: bind users
> Subject: 
> 
> 
> All --
> Problem:   CheckPoint firewall blocking dns traffic.
> 
>    It seems like bind generates queries on the same
> high port (source) to port 53 (destination). Every time
> I bounce bind, it starts its queries from a new high
> port (source) to port 53 (destination). This high port
> stays the same until the next bounce.
> 
>    When the firewall sees a delay of more than 40
> seconds, it blocks all replies back to this high port.
> When I bounce bind, the new high port will work since
> there is no block.
> 
>     I hope this is not too confusing. Please shed some
> light if you get the basic problem here.
> 

> AMS :-)
> 
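
Added example, not part of the original thread: a small Python model of the behaviour as the poster describes it, with one fixed query source port per BIND run and a filter that blocks replies to that port once a reply arrives more than 40 seconds after its query. The log format, addresses, ports and the blocking rule are constructed assumptions for illustration, not Check Point's implementation.

```python
import re

# Constructed sample: firewall-side view of one resolver's DNS traffic.
# "out" = query leaving the resolver, "in" = reply coming back.
# The last pair models a restart ("bounce") that picks a new source port.
SAMPLE = """\
0.0 out 10.0.0.5:32771 192.0.2.1:53 id=101
0.2 in 192.0.2.1:53 10.0.0.5:32771 id=101
5.0 out 10.0.0.5:32771 198.51.100.7:53 id=102
47.5 in 198.51.100.7:53 10.0.0.5:32771 id=102
50.0 out 10.0.0.5:32771 192.0.2.1:53 id=103
50.1 in 192.0.2.1:53 10.0.0.5:32771 id=103
90.0 out 10.0.0.5:32790 192.0.2.1:53 id=104
90.1 in 192.0.2.1:53 10.0.0.5:32790 id=104
"""
LINE = re.compile(r"(\S+) (out|in) (\S+):(\d+) (\S+):(\d+) id=(\d+)")

def parse(text):
    """Yield (time, direction, src_ip, src_port, dst_ip, dst_port, dns_id)."""
    for m in map(LINE.match, text.splitlines()):
        if m:
            t, d, sip, sp, dip, dp, qid = m.groups()
            yield float(t), d, sip, int(sp), dip, int(dp), int(qid)

def query_source_ports(text):
    """Distinct source ports used for outbound queries, in first-seen order."""
    ports = []
    for _, d, _, sp, _, dp, _ in parse(text):
        if d == "out" and dp == 53 and sp not in ports:
            ports.append(sp)
    return ports

def dropped_replies(text, timeout=40.0):
    """DNS ids of replies dropped under the assumed rule: a reply later than
    `timeout` seconds blocks the resolver port for every reply after it."""
    pending, blocked, dropped = {}, set(), []
    for t, d, sip, sp, dip, dp, qid in parse(text):
        if d == "out":
            pending[(sp, dip, qid)] = t      # remember when the query left
            continue
        sent = pending.pop((dp, sip, qid), None)
        if sent is not None and t - sent > timeout:
            blocked.add(dp)                  # late reply: port is now blocked
        if sent is None or dp in blocked:
            dropped.append(qid)
    return dropped
```

On the sample, the one slow reply (id 102) also takes the prompt reply to id 103 down with it because both share port 32771, while the query sent from the new port after the restart is answered normally.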


