Odd firewall and resolver issues
Pete Ehlke
pde at ehlke.net
Thu Aug 1 20:53:19 UTC 2002
On Thu, Aug 01, 2002 at 02:59:43PM -0400, Chris Bauer wrote:
>
> I'm having a problems with certain domains trying to resolve addresses
> for hosts on the mco.edu domain. I have rules set up for DNS traffic
> to
> talk to the nameservers, however, there are some nameservers I notice
> that insist on querying the firewall instead of the nameservers
> (ns-ext.vix.com is ns1.accesstoledo.com for instance). I'm not sure why
> this is, since
> I've never had it referenced in NS or SOA records for the domain.
>
ns-ext.vix.com does not offer recursion to the outside world, and as far
as I know it doesn't act as a resolver for any vix/isc/etc hosts either,
so I find your claim that it is querying *any* server you operate, much
less querying your firewall instead of the server it protects to be
somewhat dubious. Do you have log file entries? I suspect you're seeing
something else entirely and misinterpreting it.
-Pete
More information about the bind-users
mailing list