Check Point Firewall-1 dropping return Bind 9.2.2.rc1 dns packets
Mark_Andrews at isc.org
Mon Feb 17 23:36:36 UTC 2003
>
> We are experiencing problems related to bind 9.2.2.rc1 and
> checkpoint firewall-1.
>
> Some of the return dns packets are being partially dropped at the
> firewall for a reason unknown to me, others are allowed to pass as expected.
> Our firewall admin is telling me that checkpoint is dropping on rule 0, as
> if it is no longer in the state table.
>
> When using dig to lookup hostnames against a bind 9 server the initial
> request times out but then another immediate request of the same address
> shows that the data has been cached, and thus the requested is returned.
>
> If the timeout value used with dig is increased (say to 60) this will also
> produce the desired result.
>
> We only see this problem with the bind 9 servers in the environment.
> Machines running queries against bind 4 servers do not suffer this fate.
>
> Can anyone offer suggestions to fix or work around this
> problem? Thanks.
>
Named will try recursive queries for 90 seconds before giving
up.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users mailing list