ICMP/ Firewall issue
Scott Bertilson
scott at nts.umn.edu
Thu Oct 19 19:33:07 UTC 2000
> Is it possible to stop the DNS server sending out ICMP packets to
> check the user. I am currently getting no lookups from the server as
> the firewall admin has disallowed ICMP - I have included a remote
> lookup below - what can I do so that ICMP traffic is not needed for a
> lookup ?
The _DNS_ server doesn't send out ICMP packets in the
normal course of business. It receives queries (usually)
on UDP port 53 and sends the response as a UDP packet
sourced on port 53. It can also do transactions using
TCP (usually port 53 on the server side). It should
never send ICMP messages unless the server process has,
for some reason failed to allocate and listen on UDP and
TCP port 53.
In your case, I'd want to make sure that port 53 isn't
being blocked.
Scott
More information about the bind-users
mailing list