Connectivity -Reply

Mark_Andrews at isc.org
Wed Sep 15 00:40:51 UTC 1999


> That's very helpful, thanks. But it raises another question and that is how
> does a host with the standard resolver query the internal firewall (DNS
> server). Does it use UDP as well?

	Yes.  Both will / should fall back to TCP if the answer is too
	large to fit into the UDP message size (512 bytes).

> and I take it that total ICMP blocks on
> the internal LAN obviously will cause distress for DNS? (I think the only
> way to communicate to the firewall is telnet ATT.)

	ICMP is used to transmit error conditions in the network.  Blocking
	ICMP stops those error messages getting back to the original sender
	of the traffic and hence prevents it from changing its sending
	strategy.  There are conditions where blocking ICMP traffic can
	prevent a TCP/IP connection from working.

	I would suggest that you get a copy of:

		DNS and BIND, Third Edition 
		Albitz, Paul / Liu, Cricket
		O'Reilly And Associates
		ISBN: 1565925122
	
	It contains descriptions of how to set up nameservers and clients
	to deal with different firewall conditions.  It also contains a
	description of how the DNS works.

	Mark
> 
> Thanks
> Dave
> 
> Oh and to the rest of the group thank you for the sparkling debate on mail
> group etiquette. It kept me amused for hours 8-)
> ----
> This mail item has passed through an insecure network. 
> All enquiries should be directed to the message author.
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
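
The UDP-to-TCP fallback described in the reply above, sketched as an added example that is not part of the original message or of BIND's code. The transport callables, `fake_reply` and `demo` are hypothetical stand-ins for a real server and firewall, and the replies are constructed filler rather than real DNS records.

```python
import struct

UDP_LIMIT = 512    # classic DNS-over-UDP message size mentioned in the reply
TC_FLAG = 0x0200   # TC (truncated) bit in the DNS header flags word

def build_query(qid, name, qtype=1):
    """Encode a one-question DNS query (class IN, recursion desired)."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True when the server set TC because the answer did not fit in UDP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)

def resolve(query, udp_send, tcp_send):
    """Try UDP first, retry over TCP on truncation. Returns (transport, reply)."""
    reply = udp_send(query)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query ID")
    if not is_truncated(reply):
        return "udp", reply
    # DNS over TCP prefixes every message with a two-byte length field.
    framed = tcp_send(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", framed[:2])
    if len(framed) - 2 != length:
        raise ValueError("TCP length prefix does not match payload")
    return "tcp", framed[2:]

def fake_reply(query, payload_len, truncated=False):
    """Constructed reply: the query with QR (optionally TC) set, plus filler bytes."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:] + b"\x00" * payload_len

def demo(answer_len, tcp_allowed=True):
    """Simulated server behind a firewall; answer_len is filler standing in for records."""
    query = build_query(0x1A2B, "www.example.com")
    def udp_send(q):
        full = fake_reply(q, answer_len)
        return full if len(full) <= UDP_LIMIT else fake_reply(q, 0, truncated=True)
    def tcp_send(framed):
        if not tcp_allowed:
            raise ConnectionRefusedError("TCP/53 blocked by firewall")
        full = fake_reply(framed[2:], answer_len)
        return struct.pack("!H", len(full)) + full
    return resolve(query, udp_send, tcp_send)

if __name__ == "__main__":
    print(demo(100)[0], demo(900)[0])
```

With `tcp_allowed=False` the large lookup fails outright, which is the symptom a firewall produces when it permits UDP port 53 but not TCP port 53.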


More information about the bind-users mailing list