DNS
Niels Bakker
niels=nanog at bakker.net
Fri Aug 27 13:25:58 UTC 2004
(Can you turn off HTML when posting to lists? TIA)
* paul at routermanagement.com (Paul Gilbert) [Fri 27 Aug 2004, 14:49 CEST]:
> I have a friend who has a problem with, we believe, DNS. In this case the
> ISP is NTL. He has a stateful firewall and is running NAT. You can see from
> the tcpdump below that he sends the query to one DNS server but another
> responds, thus breaking the firewall state, and therefore it never resolves.
Breaking the DNS protocol, too - cf. BIND's old "Response from
unexpected source" syslog messages.
http://archives.neohapsis.com/archives/incidents/2000-02/0032.html
http://archives.neohapsis.com/archives/incidents/2000-02/0044.html
Haven't seen one of those in a while, actually - has BIND gotten better
at binding sockets to specific interface addresses (it has) or has it
stopped reporting such instances?
> Should the provider have the forwarding option on their servers or does he
> need to punch another hole in his firewall?
Punching holes is not likely to work as it's NAT that breaks...
-- Niels.
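The failure described in this thread, modelled as an added example (not code from the post or from BIND): a toy stateful NAT records the outbound DNS query's 4-tuple, and a reply arriving from a different server address matches no flow entry, so it is dropped before the resolver ever sees it; the resolver-side check shows why BIND would log "response from unexpected source" even without the firewall. All addresses, ports and DNS bytes are constructed.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class UdpPacket:
    src: str        # source IP
    sport: int      # source UDP port
    dst: str        # destination IP
    dport: int      # destination UDP port
    payload: bytes  # raw DNS message; only the 16-bit transaction ID is inspected

def dns_txid(payload: bytes) -> int:
    """The transaction ID is the first 16 bits of the DNS header (RFC 1035)."""
    return struct.unpack("!H", payload[:2])[0]

class StatefulNat:
    """Toy stateful NAT/firewall for UDP (address rewriting omitted): an outbound
    packet creates a flow entry; an inbound packet is forwarded only on an exact match."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt: UdpPacket) -> None:
        # Expect the reply from pkt.dst:pkt.dport back to pkt.src:pkt.sport
        self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound(self, pkt: UdpPacket) -> str:
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return "forwarded"
        return "dropped: no matching flow"

def resolver_check(query: UdpPacket, response: UdpPacket) -> str:
    """Checks a resolver applies before accepting an answer: same transaction
    ID, and the answer must come from the server address and port queried."""
    if dns_txid(response.payload) != dns_txid(query.payload):
        return "rejected: transaction ID mismatch"
    if (response.src, response.sport) != (query.dst, query.dport):
        return "rejected: response from unexpected source %s#%d" % (response.src, response.sport)
    return "accepted"

def simulate() -> dict:
    """Constructed scenario: query sent to 10.0.0.53; replies from 10.0.0.53 and 10.0.0.54."""
    nat = StatefulNat()
    hdr = b"\x12\x34\x81\x80" + b"\x00" * 8          # txid 0x1234, flags QR|RD|RA
    query = UdpPacket("192.168.1.10", 40000, "10.0.0.53", 53, b"\x12\x34\x01\x00" + b"\x00" * 8)
    nat.outbound(query)
    good = UdpPacket("10.0.0.53", 53, "192.168.1.10", 40000, hdr)
    bad = UdpPacket("10.0.0.54", 53, "192.168.1.10", 40000, hdr)   # answered by the other server
    return {"good": (nat.inbound(good), resolver_check(query, good)),
            "bad": (nat.inbound(bad), resolver_check(query, bad))}
```

Opening extra inbound ports on the firewall does not change the "bad" result: the entry the NAT is looking for is keyed on the server that was queried, not on a port.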