firewall blocking 53
Pete Ehlke
pde at ehlke.net
Wed Aug 7 17:50:26 UTC 2002
On Wed, Aug 07, 2002 at 01:36:22PM -0400, Eric L. Howard wrote:
>
> This timeout is something that you can configure in Firewall-1. Look under
> the properties for your rule-set. 40 *seconds* is a long time to wait for
> return traffic...
>
Most of the DNS is UDP traffic. It's expected that there will sometimes
be timeouts.
If you've set up Firewall-1 to dynamically block ports on your name
server based on the fact that it's sending UDP datagrams that don't get
replied to, then you have shot yourself in the foot. Pinning your query
source-port won't help at all.
The right answer here is "Don't do that".
-P.
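To make Pete's point concrete, here is an added example (not part of the original post, and not Firewall-1's actual code): a small model of a stateful firewall's UDP "virtual session" table with a 40-second timeout, run once with plain expiry and once with the misguided policy of shutting a source port whenever one of its datagrams goes unanswered. The addresses, the pinned query port and the event sequence are all constructed for the illustration.

```python
"""Model of a stateful firewall's UDP handling in front of a DNS resolver.

Constructed example; not Firewall-1's implementation. Outbound UDP datagrams
create "virtual sessions" that expire after a timeout. With auto_block=True the
firewall additionally blocks the local source port of any session that expired
without a reply, which is the behaviour the thread warns against.
"""
from typing import Dict, List, Tuple

Key = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


class UdpStateTable:
    def __init__(self, timeout: int, auto_block: bool = False) -> None:
        self.timeout = timeout            # seconds a session lives without a reply
        self.auto_block = auto_block      # the misconfiguration under discussion
        self.sessions: Dict[Key, int] = {}  # session key -> time the query left
        self.blocked_ports = set()        # local source ports the firewall has shut
        self.stats = {"queries_sent": 0, "queries_denied": 0,
                      "replies_accepted": 0, "replies_dropped": 0}

    def _expire(self, now: int) -> None:
        """Drop sessions older than the timeout; optionally block their source port."""
        for key, sent in list(self.sessions.items()):
            if now - sent > self.timeout:
                del self.sessions[key]
                if self.auto_block:
                    self.blocked_ports.add(key[1])  # key[1] is the local source port

    def outbound(self, now: int, sip: str, sport: int, dip: str, dport: int) -> bool:
        """Resolver sends a query; returns True if the firewall lets it out."""
        self._expire(now)
        if sport in self.blocked_ports:
            self.stats["queries_denied"] += 1
            return False
        self.sessions[(sip, sport, dip, dport)] = now
        self.stats["queries_sent"] += 1
        return True

    def inbound(self, now: int, sip: str, sport: int, dip: str, dport: int) -> bool:
        """Reply arrives; accepted only if it matches a live session (reversed tuple)."""
        self._expire(now)
        key = (dip, dport, sip, sport)
        if key in self.sessions:
            del self.sessions[key]
            self.stats["replies_accepted"] += 1
            return True
        self.stats["replies_dropped"] += 1
        return False


# Constructed traffic: RFC 5737 documentation addresses, query source port pinned to 53.
RESOLVER = "192.0.2.10"
QUERY_PORT = 53
EVENTS: List[Tuple[int, str, str, int, str, int]] = [
    (0,  "out", RESOLVER, QUERY_PORT, "198.51.100.1", 53),
    (1,  "in",  "198.51.100.1", 53, RESOLVER, QUERY_PORT),
    (2,  "out", RESOLVER, QUERY_PORT, "198.51.100.2", 53),   # this server never answers
    (50, "out", RESOLVER, QUERY_PORT, "198.51.100.3", 53),   # 48 s later: stale session expires
    (51, "in",  "198.51.100.3", 53, RESOLVER, QUERY_PORT),
]


def simulate(events=EVENTS, timeout: int = 40, auto_block: bool = False) -> dict:
    """Replay the events through the state table and return the counters."""
    fw = UdpStateTable(timeout, auto_block)
    for now, direction, sip, sport, dip, dport in events:
        if direction == "out":
            fw.outbound(now, sip, sport, dip, dport)
        else:
            fw.inbound(now, sip, sport, dip, dport)
    result = dict(fw.stats)
    result["blocked_ports"] = sorted(fw.blocked_ports)
    return result


if __name__ == "__main__":
    print("plain expiry:", simulate())
    print("auto-block:  ", simulate(auto_block=True))
```

With plain expiry the unanswered query to 198.51.100.2 simply ages out of the table and nothing else is affected. With auto-block, that one timeout shuts port 53, so the later query to 198.51.100.3 never leaves and its reply is dropped as unsolicited. Pinning the query port is what makes the damage total here: with unpinned ports each timeout would instead shut a different random port, which still leaks state and still hits legitimate queries, so the fix is the policy, not the port.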