From owner-freebsd-security  Mon Mar  5  6:42:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from candy.anet.ee (ns.anet.ee [212.49.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 81BE737B718
	for <security@FreeBSD.ORG>; Mon,  5 Mar 2001 06:42:03 -0800 (PST)
	(envelope-from igor@widespace.ee)
Received: from widespace.ee (mars.widespace.ee [212.49.2.21])
	by candy.anet.ee (8.11.3/8.11.3) with ESMTP id f25EfwX06970
	for <security@FreeBSD.ORG>; Mon, 5 Mar 2001 16:41:58 +0200 (GMT)
Message-ID: <3AA3A55B.394D4D0E@widespace.ee>
Date: Mon, 05 Mar 2001 16:40:27 +0200
From: Igor Malinin <igor@widespace.ee>
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "security@FreeBSD.ORG" <security@FreeBSD.ORG>
Subject: DNS service over TCP
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've set up a dns server (BIND 9.1.1rc2).
All working fine except for some hosts cant
do TCP connections on port 53. Firewall seems
to be not the problem because I've made sucesfull
connections from several hosts, all in different
networks over internet.

There is an example of host that can't connect
to port 53 through TCP: http://www.nic.fr/zonecheck/english.html

I've set logging on my firewall and see only ICMP packets
coming from that host.

I can't find logic in what hosts connects and what hosts don't.
Anybody knows what can cause that and how to solve this?

PS. I know nothing about UDP service availability for hosts
where TCP service unavailable.

My DNS server is ns.widespace.ee (212.49.2.20) if it would
help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message