Unexplained bind related messages in log files

Joel jc517 at wmi.com
Tue Apr 6 14:33:15 UTC 2004



Pete Ehlke wrote:
> 
> On Tue Apr 06, 2004 at 13:53:44 +0000, Joel wrote:
> >
> >I'm getting messages in /var/log/messages that I can't correlate to
> >normal behavior. They are actually coming from my PIX firewall but
> >they are related to bind. The internal side has version 8.2.2-P7
> >and the external side uses version 9.2.1. It seems to be running
> >without errors. I get no complaints from users or systems daemons.
> >A couple times a day I get messages in the log file that a UDP
> >message from the external bind to the internal bind is blocked.
> >The external is a forwarder for the internal. Does anyone have
> >any hints on how to track this down? Would the external server
> 
> Some versions of the pix do not understand EDNS0, and block all UDP
> datagrams that are larger than 512 bytes. This is completely broken
> behaviour. Contact your cisco representative for an upgrade.
> 
> -Pete

This gets logged in a different way. At least I think it does. There
are messages about UDP DNS packets larger than 512 bytes. I haven't
yet tried to see if increasing the maximum size makes this go away.
I'll do that now.

    - Joel

