Recursive queries fail if query source port is not fixed

Jeff Lightner jlightner at water.com
Thu Aug 14 00:20:50 UTC 2008 

You said you installed 9.3.4-P1.

Was the update you did from a repository updated after July 10th?  

I believe July 10th is the day RedHat back ported the fix into 9.3.4-P1.
CentOS is a binary compile of RHEL sources so it seems the 9.3.4-P1
update you would need from CentOS repositories would have to have been
created after that date.   You'd also want to make sure that CentOS had
actually included the updated source in their compile.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Hans F. Nordhaug
Sent: Wednesday, August 13, 2008 8:10 PM
To: bind-users at isc.org
Subject: Re: Recursive queries fail if query source port is not fixed

* JINMEI Tatuya / ?$B?@L at C#:H <Jinmei_Tatuya at isc.org> [2008-08-14]:
> At Thu, 14 Aug 2008 01:42:40 +0200,
> "Hans F. Nordhaug" <Hans.F.Nordhaug at hiMolde.no> wrote:
> 
> > > Do you mean any query always fails, or some queries sometime fail
> > > (while some others succeed)?
> > 
> > Thx for replying.
> > 
> > Any recursive query, i.e., any query for some domain the server
isn't
> > authorative for, fails. 
> 
> Sorry, it's not very clear to me.  Do you mean no recursive queries
> succeed, right?  

Yes. (I wrote "Any recursive query [...] fails".)

> That is, it's not only for 'www.uib.no' but also for
> 'www.isc.org', 'www.google.com', 'a.root-servers.net', whatever (as
> long as your server has authority for it)?

You meant "as long as your server doesn't have authority for it",
right? Anyway, yes, all of those fail except 'a.root-servers.net'.

> In any case, can you show the packet dump and named log with
> timestamps?

I kind of supplied that in my original e-mail. I'll send you the new
dumps for 'www.google.com' and 'a.root-servers.net' on private e-mail
(in very few minutes).

Thx for spending time on this.

Hans
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list