caching nameserver not always working? status: SERVFAIL
Lionel Bouton
Lionel.Bouton at inet6.fr
Sat Oct 9 00:20:25 UTC 2004
Jason Vas Dias wrote the following on 10/08/2004 04:19 PM :
>Hi -
>You may need to uncomment the 'query-source'
>line in the named.conf that comes with
>caching-nameserver, i.e.:
>
>'options { ...
> query-source address * port 53;
> ...
>};
>'
>This will make named use port 53 for queries
>it sends to other nameservers - otherwise,
>any available port will be used, which may be
>blocked by your firewall.
>
Be aware that some (really dumb) firewall administrators incorrectly
prevent connections to TCP ports from ports < 1024. My domain was cut
from a big chunk of the Internet (redhat and kernel.org for instance)
just a week ago due to a new "best practice" applied to our firewall
rules without warning. Finding the cause was quite a little adventure...
tcptraceroute (dag repository) may be used (with -p) to check what the
firewall rules do before using query-source.
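
An added example, not part of the original thread and not code from BIND or the caching-nameserver package: a small Python check that finds active query-source statements in a named.conf and reports whether each one pins the source port, and whether that port is below 1024, the case the reply above describes. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the stanza quoted in the thread, uncommented, plus the
# comment styles named.conf accepts (//, /* */ and #).
SAMPLE_CONF = """\
options {
    directory "/var/named";
    // query-source address * port 1053;
    /* query-source address * port 2053; */
    query-source address * port 53;
};
"""

def strip_comments(text):
    """Blank out /* */, // and # comments while leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)

def audit_query_source(text):
    """Return one finding per active query-source statement (hypothetical helper)."""
    findings = []
    stmt = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')
    for m in stmt.finditer(strip_comments(text)):
        port = re.search(r'\bport\s+(\*|\d+)', m.group(2))
        value = port.group(1) if port else "*"   # no port clause means any port
        fixed = value != "*"
        findings.append({
            "statement": m.group(1),
            "port": value,
            "fixed_port": fixed,
            # The reply's caveat: some firewalls drop traffic sourced from ports < 1024.
            "privileged_source": fixed and int(value) < 1024,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_query_source(SAMPLE_CONF):
        print(finding)
```

A pinned port also gives up source-port randomization for outgoing queries, so a finding with fixed_port set is worth reviewing even when the firewall passes the traffic.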