Mikael Olsson wrote:
>
> Eric wrote:
> > [Someone shafted his brother's network]
>
> Solution:
> 4. Yes, you have two DNS servers running. One is listening
> on port 53 UDP and answering normal questions. The other
> is listening on port 53 TCP and is handling your zone
> transfers (and ls -d commands). Yuck :-)

Aha! That explains it.

Now, I have to decide whether to tell them or to wait until they can't figure it out and have to ask. Knowing my brother, rather than have to ask me to fix it (or how to fix it), he'll move the primary dns to the machine of the person who misconfigured everything and leave both running on that machine.

The funny thing is that we had the primary dns on another company's machine earlier in spite of the fact that I had it set up and running perfectly on ours. It would take at least a week and as much as a month to get the other company to make the simplest changes. It took me six months to get my brother to change the primary dns to our own server. But as a result of this problem he will probably claim that my advice to take control of our own dns was bad.

By the way, when setting up computers for his ISP customers, rather than allowing the computer to pick up the dns from the server, he configured the computers with the dns address directly. The result is that you can tell how long the customer has been a customer by what dns address is set.

Ever heard the support story about the guy that told a customer to box up the computer and return it with a note that said "I am too stupid to own a computer"?

Eric Johnson
