odd behaviour: BIND 9.3.3rc2
Mark Andrews
Mark_Andrews at isc.org
Mon Nov 26 22:36:32 UTC 2007
> Not sure if this one was ever resolved, but I'm seeing similar problems with
> Bind 9.4.1p. From limited testing it appears the problem is related to the
> query-source port option. Sometimes hosts will be configured to filter
> packets that have a source port below 1024, it appears in this case the
> query is never making it up to the nameserver when the query-source port is
> 53, therefore no response. When I comment out the query-source port option,
> it works fine.
> Unfortunately the query-source port option is necessary to get through the
> firewall. Am I understanding this correctly? - assuming the only way
> around it is to configure another nameserver without this query-source port
> option ?

The port value is for stateless firewalls and it can be any
port, it just has to be what is configured into the local
firewall. 53 is the recommended value because if you are
running an authoritative nameserver you have to open up port
53 to allow the queries in, so by setting query source to 53
you allow the replies in via the same hole in the firewall.

Any firewall that looks at the source port is misconfigured.

Mark

> On Aug 29, 2007 9:20 AM, Felipe Ceglia - PY1NB <felipe-listas at terenet.com.br>
> wrote:
>
> > Hello again, bind gurus,
> >
> > I am running BIND 9.3.3rc2 on a centos box.
> >
> > It happens that I can't resolve some hosts, like:
> >
> > dig redelagos.com.br
> > dig teresopolis.unimed.com.br
> >
> > And I can resolve it from other dns servers.
> >
> > Surely there is something wrong, but I can't figure what.
> >
> > Any ideas?
> >
> >
> > My /etc/named.conf looks like:
> >
> > options
> > {
> > query-source port 53;
> > query-source-v6 port 53;
> > directory "/var/named"; // the default
> > dump-file "data/cache_dump.db";
> > statistics-file "data/named_stats.txt";
> > memstatistics-file "data/named_mem_stats.txt";
> >
> > };
> > logging
> > {
> > channel default_debug {
> > file "data/named.run";
> > severity dynamic;
> > };
> > };
> > view "internal"
> > {
> > include "/etc/named.root.hints";
> > };
> > //
> > view "external"
> > {
> > recursion yes;
> > zone "." IN {
> > type hint;
> > file "named.root";
> > };
> > zone "domain.com" {
> > type master;
> > file "named.domain.com";
> > };
> >
> > };
> >
> >
> >
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
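
The reasoning in this thread, modelled as an added example (not part of the original messages and not BIND code): a stateless filter judges each UDP packet on its own, so a reply only gets back in if its destination port matches an open hole. The addresses, rule sets and the `lookup` helper are constructed for illustration.

```python
# Minimal stateless packet filter: each rule sees one UDP packet in isolation,
# with no memory of earlier traffic. All addresses and rule sets are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
RESOLVER, REMOTE_NS = "192.0.2.10", "198.51.100.53"

def allowed(rules, pkt, default=False):
    """First matching rule wins; a rule is (predicate, verdict)."""
    for predicate, verdict in rules:
        if predicate(pkt):
            return verdict
    return default

# Local firewall, inbound: the only hole is UDP port 53 to our nameserver,
# opened so that outside clients can query the authoritative zones.
LOCAL_INBOUND = [(lambda p: p.dst == RESOLVER and p.dport == 53, True)]

# Remote site that only checks the destination (assumed rule set).
PERMISSIVE_REMOTE = [(lambda p: p.dst == REMOTE_NS and p.dport == 53, True)]

# Remote site as described in the quoted report: drops anything with a
# source port below 1024 before it reaches the nameserver.
REMOTE_INBOUND = [
    (lambda p: p.sport < 1024, False),
    (lambda p: p.dst == REMOTE_NS and p.dport == 53, True),
]

def lookup(query_sport, remote_rules):
    """Trace one query/reply pair and return where it ends up."""
    query = Packet(RESOLVER, query_sport, REMOTE_NS, 53)
    if not allowed(remote_rules, query):
        return "query dropped by remote filter"
    # The reply swaps addresses and ports of the query.
    reply = Packet(query.dst, query.dport, query.src, query.sport)
    if not allowed(LOCAL_INBOUND, reply):
        return "reply dropped by local firewall"
    return "answered"

if __name__ == "__main__":
    for sport in (53, 40000):
        for name, rules in (("permissive", PERMISSIVE_REMOTE),
                            ("sport-filtering", REMOTE_INBOUND)):
            print(f"sport={sport:<5} remote={name:<16} -> {lookup(sport, rules)}")
```

With these rules, source port 53 is the only choice that gets replies back through the local hole, and it is also the choice that the source-port-filtering remote site drops, which matches the symptom reported above.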