Greetings!
Langa Kentane schrieb:
> Turns out that our ISP has a DNS server cluster. Machine B being the
> virtual/primary [whatever] address for the DNS cluster. Now what happens is
> that when our mail server does a DNS query to machine B, machine A answers
> the query and because machine A does not have a valid connection in the
> state table, the packets are being dropped.
Dirty quick-fix (to get the service up and running while working on solving the
problem):
Create a service "DNS_answers", allow this service from A and B into your
network.
Solution (1):
Talk to your ISP - he should set up his clustering properly.
Explain your problem with his "solution" to him and ask for help.
Solution (2):
Use a different upstream DNS server - maybe from a different ISP,
maybe your own (cacheing-only) DNS server.
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
