ICMP/ Firewall issue

Scott Bertilson scott at nts.umn.edu
Fri Oct 20 14:36:28 UTC 2000


> >   The _DNS_ server doesn't send out ICMP packets in the
> > normal course of business.  It receives queries (usually)
> > on UDP port 53 and sends the response as a UDP packet
> > sourced on port 53.  It can also do transactions using
> > TCP (usually port 53 on the server side).  It should
> > never send ICMP messages unless the server process has,
> > for some reason failed to allocate and listen on UDP and
> > TCP port 53.
> >   In your case, I'd want to make sure that port 53 isn't
> > being blocked.
> 
> No, but TCP/IP does use ICMP to do diagnostics kind of things. Completely
> blocking ICMP makes TCP/IP blind.

  Blindness is a function of what you are trying to accomplish.
If you are trying to get DNS queries to a server and receive
the responses coming back, ICMP has nothing to do with it
except perhaps to indicate that the server isn't there or
that there are routing problems.  It is irrelevant to
this situation involving a firewall.  Blocking ICMP has
nothing to do with this problem.
					Scott
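An added example, not from this thread or from BIND itself, illustrating the traffic Scott describes: a DNS query goes to the server on UDP port 53 and the reply comes back sourced from port 53; over TCP the same message is sent to port 53 with a two-byte length prefix. The helper below builds such a query, parses the reply, and can be pointed at a resolver (address and name are supplied by the caller, so they are assumptions) to confirm that port 53 is reachable over both transports. No ICMP is involved in either exchange, which is the point being made above. The sample reply bytes are constructed inline for offline use and use the 192.0.2.1 documentation address.

```python
"""Minimal DNS query/response helper (added example, not the thread's or BIND's code).

Shows exactly what a firewall must let through for DNS to work:
UDP to port 53 with the reply sourced from port 53, and TCP to port 53
carrying the same message behind a 2-byte length prefix (RFC 1035 4.2.2).
"""
import random
import socket
import struct
from typing import Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a single-question DNS query (type A, class IN by default)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # flags 0x0100 = standard query, recursion desired; one question, no RRs
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a wire-format name; a compression pointer ends the name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte pointer into an earlier name
            return off + 2
        off += 1 + length


def parse_response(data: bytes, expect_txid: int) -> dict:
    """Return rcode, TC flag and any A-record addresses from a DNS reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expect_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("packet is a query, not a response")
    off = 12
    for _ in range(qd):                      # skip echoed question(s)
        off = _skip_name(data, off) + 4      # + QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200), "a": addrs}


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP: the message is preceded by its length in two bytes."""
    return struct.pack("!H", len(msg)) + msg


def check_port53(server: str, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Query a resolver over UDP and TCP port 53; None means no reply (likely filtered).

    server/name are caller-supplied assumptions; this performs live network I/O.
    """
    txid = 0x1234
    query = build_query(name, txid=txid)
    result = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))          # destination UDP/53
            data, _peer = s.recvfrom(4096)         # reply sourced from UDP/53
            result["udp"] = parse_response(data, txid)
        except socket.timeout:
            result["udp"] = None
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))                # destination TCP/53
            s.sendall(tcp_frame(query))
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                data += s.recv(length - len(data))
            result["tcp"] = parse_response(data, txid)
        except (socket.timeout, OSError):
            result["tcp"] = None
    return result


# Constructed sample bytes (not captured traffic): the query for example.com
# with txid 0x1234, and a matching reply answering 192.0.2.1 with a TTL of 300.
SAMPLE_QUERY = (bytes.fromhex("123401000001000000000000")
                + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([192, 0, 2, 1]))
```

Running check_port53("<resolver-ip>") from the host behind the firewall tells you whether UDP and TCP port 53 reach the server, which is the check suggested in the quoted text; a None for either transport points at a port 53 filter, independent of any ICMP policy.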


