In message <worldclient-f200902031224.aa24200...@dci.ir>, "Bind" writes:
>
> I installed fresh installation of solaris 10 on sparc machine with latest
> bind v9,
"latest bind v9" is imprecise. Is that Sun's latest or
ISC's latest and which one of the 4 version we just released
are you refering to?
> this server is behind the hardware Firewall(policy from out to in is
> udp53&from in to out is any).
> But my cisco IDS always announces this alarm from my server to other
> external clients or servers:
>
> "Fragment Flags Invalid"
Talk to CISCO. It's their software and they should be able
to explain this to you.
> Src Address Dst Address Signature Name
> 192.168.1.1 x.x.x.x Fragment Flags Invalid
> Here is my named.conf:
> options {
> version "version not currently available";
> pid-file ".../run/named.pid";
> directory ".../named/namedb";
> dump-file ".../named.dump";
> recursive-clients 10000;
> statistics-file "..../namedb/statistics";
> tcp-clients 1000;
> allow-recursion {
> any;
> };
> };
>
> logging {
> channel simple_log {
> file "/var/adm/named/bind.log" versions 3 size 50m;
> print-category yes;
> print-severity yes;
> print-time yes;
> severity warning;
> };
> category default {
> simple_log;
> };
> };
>
> key "rndc-key" {
> algorithm ,,,,,,,,,;
> secret "************";
> };
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> does anybody have idea about this alarm? can i fix this error by tunning
> bind?
> Regards
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
