From owner-freebsd-net Tue Mar 13 12:37:31 2001
Delivered-To: freebsd-net@freebsd.org
Received: from black.purplecat.net (ns1.purplecat.net [209.16.228.148]) by hub.freebsd.org (Postfix) with ESMTP id 4A35D37B71C for ; Tue, 13 Mar 2001 12:37:24 -0800 (PST) (envelope-from peter@black.purplecat.net)
Received: from localhost (peter@localhost) by black.purplecat.net (8.8.8/8.8.8) with ESMTP id PAA17666 for ; Tue, 13 Mar 2001 15:39:43 -0500 (EST) (envelope-from peter@black.purplecat.net)
Date: Tue, 13 Mar 2001 15:39:43 -0500 (EST)
From: Peter Brezny
To: freebsd-net@freebsd.org
Subject: problem with secondary dns update through ipfw firewall
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've got a problem with secondary DNS servers not being able to get updates from my primary through its firewall.

The firewall rules on the primary DNS server (pertaining to DNS) look like this. I thought I had my bases covered...

    # Allow DNS traffic from internet to query your DNS (for reverse
    # lookups etc).
    $fwcmd add allow tcp from any 53 to $ns1 53 setup
    $fwcmd add allow udp from any to $ns1 53
    $fwcmd add allow udp from $ns1 53 to any

I've also got:

    query-source address 209.16.228.145 port 53;

in my named.conf on the primary DNS server...

However, when secondaries create zone files, they are blank. I get the feeling it's a firewall problem because, when I configure the secondaries to use an internal address of the primary DNS server (which has a keep-state allow-all internal rule) in my test environment, the updates occur as expected.

TIA
pb

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
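The following is an added example, not part of the original message and not code from the poster. It models the three DNS rules quoted above in a small first-match packet filter with ipfw's "setup" (SYN set, ACK clear) and "established" (ACK set) semantics, and runs constructed traffic through them. The point it shows: the posted TCP rule `allow tcp from any 53 to $ns1 53 setup` only admits a connection whose source port is 53, but a secondary opens its zone transfer (AXFR over TCP) from an ephemeral source port, so that SYN falls through to ipfw's implicit final deny; UDP queries, which is all the poster tested from outside, are unaffected. The secondary and resolver addresses are constructed (RFC 5737 documentation ranges), and the corrected set assumes nothing else in the poster's rule file already passes the established part of the TCP connection.

```python
# Added example (not from the original post): a minimal first-match packet
# filter with ipfw-style "setup"/"established" semantics, used to show why
# the posted rule set drops a secondary's zone transfer and what changes
# fix it. Addresses for the secondary and the resolver are constructed.
from dataclasses import dataclass
from typing import Optional

NS1 = "209.16.228.145"       # primary's query-source address, from the post
SECONDARY = "198.51.100.7"   # constructed: a secondary nameserver
RESOLVER = "203.0.113.9"     # constructed: an arbitrary Internet resolver


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any)
    src: str = "any"
    sport: Optional[int] = None   # None matches any source port
    dst: str = "any"
    dport: Optional[int] = None   # None matches any destination port
    setup: bool = False           # ipfw "setup": SYN set, ACK clear
    established: bool = False     # ipfw "established": ACK (or RST) set

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.setup and not (p.proto == "tcp" and p.syn and not p.ack):
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides; ipfw's implicit last rule denies the rest."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# The three DNS rules quoted in the post, transcribed literally.
POSTED_RULES = [
    Rule("allow", "tcp", src="any", sport=53, dst=NS1, dport=53, setup=True),
    Rule("allow", "udp", src="any", dst=NS1, dport=53),
    Rule("allow", "udp", src=NS1, sport=53, dst="any"),
]

# Corrected set. A secondary opens the AXFR connection from an ephemeral
# source port, so the setup rule must not pin the source port to 53. The
# established rules pass the rest of the connection in both directions
# (assumption: nothing else in the poster's rule set already does that).
CORRECTED_RULES = [
    Rule("allow", "tcp", src="any", dst=NS1, dport=53, setup=True),
    Rule("allow", "tcp", src="any", dst=NS1, dport=53, established=True),
    Rule("allow", "tcp", src=NS1, sport=53, dst="any", established=True),
    Rule("allow", "udp", src="any", dst=NS1, dport=53),
    Rule("allow", "udp", src=NS1, sport=53, dst="any"),
]

# Constructed traffic as seen on the primary.
TRAFFIC = {
    "udp query from resolver": Packet("udp", RESOLVER, 40123, NS1, 53),
    "udp reply to resolver": Packet("udp", NS1, 53, RESOLVER, 40123),
    "axfr SYN from secondary": Packet("tcp", SECONDARY, 49152, NS1, 53, syn=True),
    "axfr SYN-ACK to secondary": Packet("tcp", NS1, 53, SECONDARY, 49152, syn=True, ack=True),
    "axfr data ACK from secondary": Packet("tcp", SECONDARY, 49152, NS1, 53, ack=True),
    "tcp SYN with source port 53": Packet("tcp", RESOLVER, 53, NS1, 53, syn=True),
}


def verdicts(rules) -> dict:
    """Map each constructed packet to the verdict the rule set gives it."""
    return {name: filter_packet(rules, p) for name, p in TRAFFIC.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("corrected", CORRECTED_RULES)):
        print(f"--- {label} rules ---")
        for name, verdict in verdicts(rules).items():
            print(f"{verdict:5s}  {name}")
```

Under the posted rules the only TCP connection that gets through is one whose source port happens to be 53, which matches the poster's observation that transfers work via the internal address (covered by a keep-state allow-all rule) but not from outside. On an ipfw that supports keep-state, as the poster's internal rule already uses, the two established rules in the corrected set can be replaced by a `check-state` rule plus `keep-state` on the single setup rule.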