On Mon, 1 Feb 1999, Glynn Clements wrote:

> 
> Sherine wrote:
> > > 
> > > It may be related, i.e. if the DNS server is completely unreachable,
> > > you won't be able to ping it or send it DNS queries. However, it's
> > > possible to disable replying to ping requests, but still reply to DNS
> > > queries.
> > 
> > I don't remember if I had already sent this mail before, but when I use the
> > command "dig" I get the following: "res_send to server
> > default--aaa.bb.ccc.d: Connection timed out"
> 
> Then it appears that you can't communicate with it at all.

Maybe, but I used a different IP address on the external side of the
firewall, and I was able to get results with the "nslookup" and "dig"
commands. Users were able to browse for a while, but then the error occurs on
users' machines about "Host name not found". This time, however, the firewall
can see the DNS.... I'm pulling hairs and teeth here....

:-(
Moi again

> Does using nslookup with the `-vc' switch work? In order to use
> nslookup/dig via UDP, you have to allow inbound UDP packets for *all*
> ephemeral ports.
> 
> Also, if you are running BIND-8.1.* from behind a firewall, you have
> to configure named.conf to use a specific source port for DNS queries. 
> By default, it uses an ephemeral port (whereas 4.9.* used port 53).
> 
> -- 
> Glynn Clements <[EMAIL PROTECTED]>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
> 
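
The UDP-versus-TCP check suggested in the quoted reply, as an added example that is not part of the original thread: it sends the same DNS query from an ephemeral UDP port and over TCP (as `nslookup -vc` does) and reports which transport gets an answer through the firewall. The function names are assumptions made for this sketch; the server address and the host name to look up are supplied on the command line.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query: A record, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_reply_to(query, reply):
    """True if reply carries the query's ID and has the QR (response) bit set."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def probe_udp(server, query, timeout=3.0):
    """Send from an ephemeral UDP port, as nslookup/dig do by default."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return is_reply_to(query, s.recvfrom(4096)[0])
        except OSError:  # timeout, ICMP unreachable, no route
            return False

def probe_tcp(server, query, timeout=3.0):
    """Same query over TCP, framed with the 2-byte length prefix."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            return is_reply_to(query, s.makefile("rb").read(14)[2:])  # prefix + header
    except OSError:
        return False

def diagnose(udp_ok, tcp_ok):
    if udp_ok and tcp_ok:
        return "reachable over UDP and TCP"
    if tcp_ok:
        return "TCP works, UDP fails: check inbound UDP to ephemeral ports"
    if udp_ok:
        return "UDP works, TCP fails: TCP port 53 is filtered"
    return "no reply on either transport: server unreachable or port 53 blocked"

if __name__ == "__main__" and len(sys.argv) == 3:
    q = build_query(sys.argv[2])
    print(diagnose(probe_udp(sys.argv[1], q), probe_tcp(sys.argv[1], q)))
```

Run it from the firewall and from a client behind it; a difference between the two results points at the filtering rules rather than at the DNS server.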
