DNS

Niels Bakker niels=nanog at bakker.net
Fri Aug 27 13:25:58 UTC 2004


(Can you turn off HTML when posting to lists?  TIA)

* paul at routermanagement.com (Paul Gilbert) [Fri 27 Aug 2004, 14:49 CEST]:
> I have a friend who has a problem with, we believe, DNS.  In this case the
> ISP is NTL.  He has a stateful firewall and is running NAT.  You can see from
> the tcpdump below that he sends the query to one DNS server but another
> responds, thus breaking the firewall state, and therefore it never resolves.

Breaking the DNS protocol, too - cf. BIND's old "Response from
unexpected source" syslog messages.

http://archives.neohapsis.com/archives/incidents/2000-02/0032.html
http://archives.neohapsis.com/archives/incidents/2000-02/0044.html

Haven't seen one of those in a while, actually - has BIND gotten better
at binding sockets to specific interface addresses (it has) or has it
stopped reporting such instances?


> Should the provider have the forwarding option on their servers, or does he
> need to punch another hole in his firewall?

Punching holes is not likely to work as it's NAT that breaks...


	-- Niels.
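The failure mode discussed above (query sent to one resolver address, answer arriving from another, so the NAT/stateful firewall has no matching state and drops it) is easy to spot in a capture by replaying it through the same kind of state table the NAT keeps. The script below is an added example written for this page; it is not from the original post, and the tcpdump-style lines it parses are constructed (the poster's actual tcpdump output was not included). It keys state on the client socket plus DNS transaction ID, which is what a firewall that also inspects the DNS header would do; a plain NAT keys on addresses and ports only, but the mismatch it catches is the same. It also flags answers for which no query was seen at all, which the post does not discuss but which a stateful firewall drops for the same reason.

```python
"""Flag DNS answers that do not come from the server the query was sent to.

A stateful NAT/firewall creates state on the outbound query
(client addr/port -> server addr/port) and only passes a reply that
matches it. An answer from a different server address matches no state
and is silently dropped, so the client's lookup times out.
"""
import re

# Constructed sample capture in the shape of `tcpdump -n udp port 53` output.
# Not the capture from the original post. Transaction 4011 is answered by
# 198.51.100.2 although it was sent to 198.51.100.1; 4012 is answered correctly.
SAMPLE_CAPTURE = """\
14:49:01.000100 IP 192.0.2.10.40123 > 198.51.100.1.53: 4011+ A? example.com. (29)
14:49:01.030200 IP 198.51.100.2.53 > 192.0.2.10.40123: 4011 1/0/0 A 203.0.113.5 (45)
14:49:06.000300 IP 192.0.2.10.40124 > 198.51.100.1.53: 4012+ A? example.net. (29)
14:49:06.020400 IP 198.51.100.1.53 > 192.0.2.10.40124: 4012 1/0/0 A 203.0.113.6 (45)
"""

# tcpdump prints "src.port > dst.port: txid[+*] ..." for DNS over UDP; the
# '+' marks RD on queries and '*' marks AA on answers.
PKT_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)[+*]? "
)


def parse_packet(line):
    """Return (src, sport, dst, dport, txid) for a tcpdump DNS line, else None."""
    m = PKT_RE.match(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["txid"]))


def find_unexpected_responses(capture):
    """Replay a capture through a minimal NAT-style state table.

    Outbound queries (to UDP/53) create state keyed on the client socket and
    transaction ID, recording the server address they were sent to. Each
    inbound answer (from UDP/53) is checked against that state. Answers from
    any other address, or with no matching query, are returned as problems;
    the state entry is only consumed by an answer from the expected server,
    which is how the NAT behaves as well.
    """
    pending = {}   # (client_ip, client_port, txid) -> server_ip the query went to
    problems = []
    for line in capture.splitlines():
        pkt = parse_packet(line)
        if pkt is None:
            continue
        src, sport, dst, dport, txid = pkt
        if dport == 53:
            pending[(src, sport, txid)] = dst
        elif sport == 53:
            key = (dst, dport, txid)
            expected = pending.get(key)
            if expected == src:
                del pending[key]
            else:
                problems.append({
                    "txid": txid,
                    "client": f"{dst}:{dport}",
                    "sent_to": expected,      # None: no query seen for this answer
                    "answered_by": src,
                })
    return problems


if __name__ == "__main__":
    for p in find_unexpected_responses(SAMPLE_CAPTURE):
        print(f"txid {p['txid']}: client {p['client']} asked {p['sent_to']}, "
              f"answered by {p['answered_by']} (stateful NAT would drop this)")
```

Run it against a real `tcpdump -n udp port 53` capture taken on the outside of the NAT: every line it reports is a lookup the client will never see an answer to, whatever holes are opened in the firewall, because the inbound packet never matches the translation entry created by the query.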
