Private Public DNS question

Barry Margolin barmar at bbnplanet.com
Wed Mar 22 23:42:09 UTC 2000


In article <B5C5D2CDB8BCD2118E4800A0C9D8E4C7B2A9DA at cartman.metainfo.com>,
 <vladimirs at metaip.checkpoint.com> wrote:
>Certain commercial sites (apple.com and wcom.com) do not like replying to
>low port # DNS queries.  The symptom is that most external DNS queries work
>except for these sites.  The issue is caused by FW-1 NATing the DNS query
>(which defaults from port 53) to a low port address.  Apple and WorldCom DNS
>servers do not like this and the queries time out.  
>
>The problem can be resolved by setting DNS' "Query Source Address" from the
>default port of 53 to a high port, like 1053.  This setting is located under
>DNS properties, Configuration (I am using Meta IP product from Checkpoint
>Software Technologies). When the query hits the FW-1, it gets NATed to a
>higher port address.  This works wonderfully with apple, wcom and everyone
>else.

This seems very strange.  The purpose of "query-source port 53" is to make
BIND 8 act like BIND 4 did.  If what you're saying is true, sites that are
still using BIND 4 nameservers (if not the majority, certainly a large
number) would not be able to look up names in those domains.  I think this
is extremely unlikely, especially for a high-visibility site like
apple.com.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
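A `named.conf` fragment, added here as an illustration and not part of the original thread, showing the three query-source settings under discussion (the `directory` path is a placeholder; the `options` syntax is the same for BIND 8 and BIND 9):

```conf
options {
    directory "/var/named";   // placeholder path, not from the thread

    // Fixed source port 53 for outgoing queries: the BIND 4 behaviour that
    // "query-source port 53" restores. A firewall that NATs the source port
    // (FW-1 in the post) may then send the query out from a different,
    // possibly low, port.
    // query-source address * port 53;

    // The workaround from the original post: a fixed high port.
    // query-source address * port 1053;

    // Leaving the port unspecified lets named choose an unprivileged source
    // port itself. In current BIND 9 that port is randomised per query, and
    // any fixed "port N" setting disables that randomisation.
    query-source address *;
};
```

To confirm which source port named actually uses on the wire, watch outbound UDP traffic to port 53 with a packet capture on the resolver and again on the outside of the firewall, since a NAT rewrite is only visible on the external side.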