Date: Wed, 9 Jan 2002 19:45:27 -0800 (PST)
From: X Philius <xphilius@yahoo.com>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: "G.P. de Boer" <g.p.de.boer@st.hanze.nl>, security@FreeBSD.ORG, Dave Raven <dave@kill-9.za.net>
Subject: Re: Help with ipfw rules to allow DNS queries through
Message-ID: <20020110034527.76936.qmail@web11804.mail.yahoo.com>
In-Reply-To: <20020109013014.57371.qmail@web11807.mail.yahoo.com>

BSD Security Folks,

I solved the mystery. It looks like Cisco routers can mangle UDP packets involved in DNS queries. The NAT can translate addresses within the packet, as well as the destination, and this messes things up. This does not affect zone transfers (which I believe is all I really need to be authoritative on a domain or six) but does prevent access of my DNS server from outside our local net.

A search through the bind e-list didn't give me any solution to the problem, but at least I know I'm not nuts. Well, maybe a little nuts, but not about this ;-)

Thanks for the help, I'm off to work on the next conundrum....

Jason