nanog mailing list archives

Re: DNS


From: Niels Bakker <niels=nanog () bakker net>
Date: Fri, 27 Aug 2004 15:25:58 +0200


(Can you turn off HTML when posting to lists?  TIA)

* paul () routermanagement com (Paul Gilbert) [Fri 27 Aug 2004, 14:49 CEST]:
> I have a friend who has a problem with, we believe, DNS.  In this case the
> ISP is NTL.  He has a stateful firewall and is running NAT; you can see from
> the tcpdump below that he sends the query to one DNS server but another
> responds, thus breaking the firewall state, and therefore it never resolves.

Breaking the DNS protocol, too - cf. BIND's old "Response from
unexpected source" syslog messages.

http://archives.neohapsis.com/archives/incidents/2000-02/0032.html
http://archives.neohapsis.com/archives/incidents/2000-02/0044.html

Haven't seen one of those in a while, actually - has BIND gotten better
at binding sockets to specific interface addresses (it has) or has it
stopped reporting such instances?


> Should the provider have the forwarding option on their servers, or does he
> need to punch another hole in his firewall?

Punching holes is not likely to work as it's NAT that breaks...


        -- Niels.
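The failure described in this thread, as an added illustration that is not part of the original posts and not BIND's code: a small Python model of the UDP state a NAT firewall keeps for an outbound query, and of the "response from unexpected source" check a resolver applies. Everything below is constructed for the example: the addresses come from the RFC 5737 documentation ranges, the NAT is reduced to a 5-tuple table, and there is no real socket traffic.

```python
"""Model of why a DNS reply from a different server address than the one
queried never reaches the client behind a stateful NAT.  Added example,
not code from the thread or from BIND; addresses are constructed."""
from dataclasses import dataclass
from typing import Optional

INSIDE_HOST = "192.168.1.10"      # constructed: the friend's machine
NAT_PUBLIC_IP = "203.0.113.5"     # constructed: outside address of the NAT box
QUERIED_SERVER = "198.51.100.1"   # constructed: server the query is sent to
OTHER_SERVER = "198.51.100.2"     # constructed: server that actually answers


@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dns_id: int        # 16-bit transaction ID carried in the DNS payload
    is_response: bool


class StatefulNat:
    """NAT box keeping UDP state keyed on the outbound 5-tuple.

    A packet from the outside is translated and forwarded inside only if it
    is the exact mirror (addresses and ports swapped) of an outbound packet
    the box has seen.  A reply sourced from a different server address has
    no matching entry and is silently dropped.
    """

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.table: dict = {}
        self.next_port = 40000

    def outbound(self, pkt: UdpPacket) -> UdpPacket:
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return UdpPacket(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port,
                         pkt.dns_id, pkt.is_response)

    def inbound(self, pkt: UdpPacket) -> Optional[UdpPacket]:
        inside = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # no state for this 5-tuple: the firewall drops it
        return UdpPacket(pkt.src_ip, pkt.src_port, inside[0], inside[1],
                         pkt.dns_id, pkt.is_response)


def resolver_accepts(query: UdpPacket, reply: UdpPacket) -> str:
    """The check a resolver applies to a reply even without NAT in the path:
    it must come from the address and port the query went to and carry the
    query's transaction ID.  This is the condition behind BIND's old
    'response from unexpected source' log message."""
    if (reply.src_ip, reply.src_port) != (query.dst_ip, query.dst_port):
        return "response from unexpected source"
    if reply.dns_id != query.dns_id:
        return "ID mismatch"
    return "accepted"


def simulate(reply_from_ip: str) -> str:
    """Query QUERIED_SERVER through the NAT; the reply is sourced from
    reply_from_ip.  Returns what happens to it."""
    nat = StatefulNat(public_ip=NAT_PUBLIC_IP)
    query = UdpPacket(INSIDE_HOST, 5353, QUERIED_SERVER, 53, 0x1234, False)
    on_the_wire = nat.outbound(query)
    # The answering server addresses the reply to the NAT's public
    # address/port it saw, but sources it from its own address.
    reply = UdpPacket(reply_from_ip, 53, on_the_wire.src_ip, on_the_wire.src_port,
                      0x1234, True)
    delivered = nat.inbound(reply)
    if delivered is None:
        return "dropped by NAT"
    return resolver_accepts(query, delivered)


def resolver_only(reply_from_ip: str) -> str:
    """Same exchange with no NAT in the path: only the resolver's check."""
    query = UdpPacket(INSIDE_HOST, 5353, QUERIED_SERVER, 53, 0x1234, False)
    reply = UdpPacket(reply_from_ip, 53, INSIDE_HOST, 5353, 0x1234, True)
    return resolver_accepts(query, reply)


if __name__ == "__main__":
    print("reply from queried server, via NAT :", simulate(QUERIED_SERVER))
    print("reply from other server, via NAT   :", simulate(OTHER_SERVER))
    print("reply from other server, no NAT    :", resolver_only(OTHER_SERVER))
```

The two halves show the two points made above: the NAT has no entry for the second server's address, so the reply is dropped before the resolver ever sees it (which is why opening inbound port 53 would not help), and even without NAT a correct resolver rejects such a reply as coming from an unexpected source. The fix is on the answering server, which must send its reply from the address the query was addressed to.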

