On Fri, Jun 13, 2003 at 03:33:34AM +1000, Russell Coker wrote:

> On Fri, 13 Jun 2003 01:42, Simon McCartney wrote:
> > Have you got any firewalls between you and the big bad world? I've seen
> > Checkpoint FW-1 dropping DNS UDP packets, claiming they were badly formed
> > and part of an attack, when afaics they were fine, coming from a BIND 9.2.1
> > debian box.
>
> Here's a way a problem can occur.
>
> Have a DNS server on the net configured to only use port 1434, 137..139, or
> 445 for its queries.
>
> Most firewalls block those ports for obvious reasons. So when your name
> server tries to answer a query from such a machine it gets blocked.
>
> Now the reported problem occurred with BIND being on the client end. If you
> have BIND configured to use a source port that happens (for some reason) to
> be considered bad by the firewall at the other end (or at some ISP in
> between) then a similar result can occur.
The blocked queries were from fairly random ports, and not in the ranges you suggest. I tied the queries to 53 using query-source port and it had no effect on the packets being dropped :-(

-simonm (E: [EMAIL PROTECTED] W: +44 28 9072 5060 M: +44 7710 836915)
chown me /world
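Russell's explanation comes down to a simple test: does the resolver's UDP source port fall in a range that middleboxes drop on sight? The script below is an added example, not code from the thread or from BIND. It parses constructed flow-log lines of the form `udp SRC:SPORT -> DST:DPORT`, flags DNS queries whose source port is 137-139, 445 or 1434 (the ranges Russell names; the service labels are assumptions), and reports whether the observed drops can be explained by source port at all. The second case is Simon's: if none of the dropped queries match, pinning the port will not help and the cause lies elsewhere.

```python
"""Check whether dropped DNS queries can be explained by their UDP source port.

Added example for the thread above; not part of BIND or the original mail.
Log format and service labels are constructed for illustration.
"""

from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Source-port ranges the thread names as routinely blocked by firewalls.
# Labels are assumed mappings used only for readable output.
BLOCKED_PORT_RANGES = {
    (137, 139): "NetBIOS",
    (445, 445): "SMB",
    (1434, 1434): "MS-SQL monitor",
}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line: 'udp 192.0.2.10:1434 -> 198.51.100.5:53'."""
    proto, rest = line.split(maxsplit=1)
    left, right = (part.strip() for part in rest.split("->"))
    src, sport = left.rsplit(":", 1)
    dst, dport = right.rsplit(":", 1)
    return Flow(src, int(sport), dst, int(dport), proto.lower())


def blocked_reason(port: int) -> Optional[str]:
    """Return the label of the blocked range containing port, or None."""
    for (lo, hi), label in BLOCKED_PORT_RANGES.items():
        if lo <= port <= hi:
            return label
    return None


def flag_flows(lines: Iterable[str]) -> List[Tuple[Flow, str]]:
    """Return DNS queries (dport 53) whose source port sits in a blocked range."""
    flagged: List[Tuple[Flow, str]] = []
    for line in lines:
        flow = parse_flow(line)
        if flow.dport != 53:
            continue  # not a DNS query; ignore other traffic
        reason = blocked_reason(flow.sport)
        if reason is not None:
            flagged.append((flow, reason))
    return flagged


def diagnose(dropped_lines: Iterable[str]) -> str:
    """Classify a set of dropped DNS flows: 'source-port' if any would be
    explained by a port-range block, otherwise 'not source-port'."""
    return "source-port" if flag_flows(dropped_lines) else "not source-port"


# Constructed sample of flows a firewall reported as dropped.
SAMPLE_LOG = [
    "udp 192.0.2.10:1434 -> 198.51.100.5:53",
    "udp 192.0.2.11:32769 -> 198.51.100.5:53",  # ordinary ephemeral port
    "udp 192.0.2.12:138 -> 198.51.100.5:53",
    "udp 192.0.2.13:445 -> 198.51.100.5:53",
    "udp 192.0.2.14:445 -> 198.51.100.5:80",    # not DNS, ignored
]

# Simon's situation: drops from ordinary ephemeral ports only.
RANDOM_PORT_LOG = [
    "udp 192.0.2.20:40011 -> 198.51.100.5:53",
    "udp 192.0.2.21:51324 -> 198.51.100.5:53",
]

if __name__ == "__main__":
    for flow, why in flag_flows(SAMPLE_LOG):
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} blocked as {why}")
    print("sample:", diagnose(SAMPLE_LOG))
    print("random ports:", diagnose(RANDOM_PORT_LOG))
```

If `diagnose` returns `not source-port`, as it does for the random-port set, the firewall is objecting to something other than the port (FW-1's DNS application inspection rejecting the packet body, for instance), and the fix belongs on the firewall, not in `query-source`. Pinning `query-source port 53` also discards source-port randomization, which resolvers today rely on against cache poisoning, so it is a diagnostic step rather than a configuration to keep.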