timeout for query?
Mark Andrews
Mark_Andrews at isc.org
Thu Jul 21 05:40:46 UTC 2005
> Hello,
>
> we're having a problem with PIX firewalls closing the UDP 'connection' after
> 30 seconds. Is there a limit within which a response to a query must be sent?
There is no protocol limit. I would be talking to Cisco to see
if there is a knob you can set to raise it. 90 seconds would
be appropriate for named.
> sample: (10.7.9.10 is our DNS, doing recursive query somewhere outside.
> It takes some time, so the 'connection' to client 83.208.117.4 is closed
> prematurely)
>
> 04:00:16 Teardown UDP connection 404532028 for outside:83.208.117.4/2200
> to dmz:10.7.9.10/53 duration 0:00:30 bytes 276
> 04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by
> access-group "acl_dmz"
> 04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by
> access-group "acl_dmz"
> 04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by
> access-group "acl_dmz"
> 04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by
> access-group "acl_dmz"
>
> Thanks!
>
> --
> ***********************************************************************
> Pavel Urban (pavel.urban at imaginet.cz)
> IOL system disaster
> Internet OnLine, owned by Cesky Telecom, a.s. (www.ct.cz)
> ***********************************************************************
> Vegetables should not operate electronic equipment.
> Computer Stupidities, http://rinkworks.com/stupid/
> ***********************************************************************
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
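
Added example, not part of the original message and not Cisco or ISC code: a small Python correlator for the pattern in the quoted log, where the firewall tears down a UDP flow and the DNS server's late reply is then denied. It assumes the trimmed log format quoted above; the sample lines are constructed, and the 90-second window is an assumption borrowed from the value suggested in the reply.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the trimmed format quoted in the message (wrapped lines joined);
# the 198.51.100.7 line is made up to show a deny with no preceding teardown.
SAMPLE_LOG = '''\
04:00:16 Teardown UDP connection 404532028 for outside:83.208.117.4/2200 to dmz:10.7.9.10/53 duration 0:00:30 bytes 276
04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by access-group "acl_dmz"
04:00:16 Deny udp src dmz:10.7.9.10/53 dst outside:83.208.117.4/2200 by access-group "acl_dmz"
04:00:41 Deny udp src dmz:10.7.9.10/53 dst outside:198.51.100.7/4000 by access-group "acl_dmz"
'''

TEARDOWN = re.compile(
    r"^(\d\d:\d\d:\d\d) Teardown UDP connection (\d+) for \S+?:(\S+)/(\d+) "
    r"to \S+?:(\S+)/(\d+) duration (\d+):(\d\d):(\d\d)")
DENY = re.compile(
    r"^(\d\d:\d\d:\d\d) Deny udp src \S+?:(\S+)/(\d+) dst \S+?:(\S+)/(\d+)")

def clock(text):
    # Log lines carry time of day only; a run spanning midnight is not handled.
    return datetime.strptime(text, "%H:%M:%S")

def late_dns_replies(log_text, window_seconds=90):
    """Find torn-down UDP flows whose reply from port 53 was denied afterwards.

    window_seconds (assumption): how long after the teardown a denied reply
    is still attributed to that flow.
    """
    torn = {}  # (client_ip, client_port, server_ip, server_port) -> teardown details
    hits = {}
    for line in log_text.splitlines():
        m = TEARDOWN.match(line)
        if m:
            h, mi, s = (int(x) for x in m.group(7, 8, 9))
            torn[m.group(3, 4, 5, 6)] = (m.group(2), clock(m.group(1)), h * 3600 + mi * 60 + s)
            continue
        m = DENY.match(line)
        if not m or m.group(3) != "53":
            continue
        key = m.group(4, 5, 2, 3)  # reply direction reversed back to client -> server
        if key not in torn:
            continue
        conn, closed_at, duration = torn[key]
        if timedelta(0) <= clock(m.group(1)) - closed_at <= timedelta(seconds=window_seconds):
            rec = hits.setdefault(key, {"conn": conn, "client": f"{key[0]}/{key[1]}",
                                        "server": f"{key[2]}/{key[3]}",
                                        "duration_s": duration, "denied_replies": 0})
            rec["denied_replies"] += 1
    return list(hits.values())

if __name__ == "__main__":
    for rec in late_dns_replies(SAMPLE_LOG):
        print(rec)
```

Each returned record is one client query whose answer was dropped at the firewall after the state entry expired; the `duration_s` values show which timeout is in effect.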