From owner-freebsd-isp Wed Dec 4 15:21:32 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C81237B401 for ; Wed, 4 Dec 2002 15:21:31 -0800 (PST) Received: from figg.securenet.com.au (ns2.isecure.com.au [202.125.4.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id D45CB43EAF for ; Wed, 4 Dec 2002 15:21:29 -0800 (PST) (envelope-from anwsmh@ipaustralia.gov.au) Received: from iron.securenet.com.au (iron.isecure.com.au [202.125.4.94] (may be forged)) by figg.securenet.com.au (8.12.5/8.12.5/Debian-1) with ESMTP id gB4BfOq4023577 for ; Wed, 4 Dec 2002 22:41:24 +1100 Received: (from uucp@localhost) by iron.securenet.com.au (8.12.6/8.12.6) id gB4BfOB8019813 for ; Wed, 4 Dec 2002 22:41:24 +1100 (EST) X-Authentication-Warning: iron.securenet.com.au: uucp set sender to using -f Received: from nodnsquery(10.11.3.10) by iron.securenet.com.au via csmap (V6.0) id srcAAAcqaGSM; Wed, 4 Dec 02 22:41:24 +1100 Received: from vmail.aipo.gov.au (localhost [127.0.0.1]) by gibbons.securenet.com.au (8.12.3/8.12.3/Debian -4) with ESMTP id gB4BfO7t011379 for ; Wed, 4 Dec 2002 22:41:24 +1100 Received: from stan.aipo.gov.au (wf-148.aipo.gov.au [192.168.1.148]) by vmail.aipo.gov.au (8.11.6/8.11.6) with ESMTP id gB4BfMv89074 for ; Wed, 4 Dec 2002 22:41:23 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from stan.aipo.gov.au (localhost [127.0.0.1]) by stan.aipo.gov.au (8.12.6/8.12.6) with ESMTP id gB4BfN1d000567 for ; Wed, 4 Dec 2002 22:41:23 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.12.6/8.12.6/Submit) id gB4BfMCh000566 for FreeBSD-ISP@FreeBSD.ORG; Wed, 4 Dec 2002 22:41:22 +1100 (EST) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Wed, 4 Dec 2002 22:41:21 +1100 From: Stanley Hopcroft To: FreeBSD-ISP@FreeBSD.ORG Subject: Anyone had any problems with BIND-9 forwarding queries through PIX devices ? Message-ID: <20021204224119.G214@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Sir or Madam, We have been using the ports version of BIND 9 on 4.7-RELEASE (and 4.6-RELEASE before) without any problems. Recently however, forwarded queries to our provider frequently take ~ 12 seconds to resolve (for names that should be cached). (packet traces show 4 A queries and then the response belatedly). We became aware through the same symptoms that PIX firewalls (with recent firmware) do not handle source port 53 queries very well. Is anyone aware of any problems with BIND 9.21 as far as forwarding goes, especially with PIX ? We have been forced to downgrade to the release version of BIND-8; this seems to perform better. Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft ------------------------------------------------------------------------ '...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...' from Meditation 17, J Donne. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message