BIND in Windows - extra packets

Schelly, Neil NSchelly at gomez.com
Thu Apr 21 22:30:46 UTC 2005


I am relatively new to running BIND in a Windows environment with a new job
I've started recently, but a problem has come to our attention in its use
here and I'm hoping someone else has had previous experience with it.
 
Essentially, I've duplicated this problem with several recent 9.2 and 9.3
releases of BIND in Windows 2000 Server and Windows XP Pro.  Duplicating it
is as easy as installing it with a blank named.conf file and directing your
machine to use it for DNS lookups.  I cannot duplicate the problem with BIND
running in Linux.
 
The problem is that DNS requests made to other DNS servers are followed
almost instantaneously by another packet with no payload.  A packet capture
shows one or two of these 64-byte UDP packets following the real request.
It doesn't happen after every request, but a packet capture of 200 packets
or so is bound to catch a few instances of this happening.  Ethereal shows
these packets as "Malformed packets" because there's nothing in the actual
packet payload to translate into a DNS request.  I can attach a packet
capture demonstrating this if it helps anyone, but I don't know the list
policy on sending out attachments.
 
The server itself is working fine as far as performing lookups and returning
the appropriate results.  The problem that we're having is that our DNS
servers are causing the Cisco PIX firewall (belonging to a customer of ours)
to block traffic from our network.  The firewall is interpreting these
extraneous packets as some type of DDOS.  I have been unable to find any
mention of anyone having this problem before, but as I said, I have little
experience running BIND in a Windows environment, so it could be normal.
Also, since the server functions fine, it is unlikely that anyone would
notice problems here - only by luck that we have.  I'm tempted to call it a
bug and report it as such, but wanted to know if anyone has experienced it
before and has some insight.
 
Regards,
 
Neil J. Schelly
Engineer, Network Operations
 
Gómez, Inc.
Enabling Performance Excellence
T 781.768.2445
M 508-410-4776
nschelly at gomez.com
www.gomez.com
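The symptom described in the message above can be checked for in a saved capture. The following is an added example, not part of the original post and not BIND or Ethereal code: it scans a classic pcap file for UDP datagrams to port 53 whose payload is too short to hold a DNS header. It assumes a classic pcap (not pcapng) of IPv4 over Ethernet; the function names and the sample capture (documentation-range addresses) are constructed for illustration.

```python
import struct

DNS_HEADER_LEN = 12   # smallest possible DNS message (header only)
UDP_HEADER_LEN = 8

def find_short_dns_datagrams(pcap_bytes, dns_port=53):
    """List (frame_no, src, dst, payload_len) for too-short datagrams to dns_port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off, frame_no = [], 24, 0
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        frame_no += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + UDP_HEADER_LEN:
            continue                      # not UDP, or truncated
        sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
        # Ethernet pads short frames, so use the UDP length field, not frame size.
        payload_len = udp_len - UDP_HEADER_LEN
        if dport == dns_port and payload_len < DNS_HEADER_LEN:
            src = ".".join(map(str, ip[12:16]))
            dst = ".".join(map(str, ip[16:20]))
            hits.append((frame_no, f"{src}:{sport}", f"{dst}:{dport}", payload_len))
    return hits

def _frame(src, dst, sport, payload):
    udp = struct.pack("!HHHH", sport, 53, UDP_HEADER_LEN + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes(dst)) + udp
    return (b"\x02" * 12 + b"\x08\x00" + ip).ljust(60, b"\x00")

def build_sample_pcap():
    """Constructed capture: one normal query, then an empty datagram."""
    query = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
    src, dst = (192, 0, 2, 10), (198, 51, 100, 53)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(src, dst, 33000, query), _frame(src, dst, 33000, b"")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

print(find_short_dns_datagrams(build_sample_pcap()))
```

Pairing each hit's source port and frame number with the preceding real query shows whether the short datagram comes from the same socket as the request it follows.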
 

