From owner-freebsd-stable Wed Dec 4 15:21:35 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 55FE137B401 for ; Wed, 4 Dec 2002 15:21:33 -0800 (PST) Received: from figg.securenet.com.au (ns2.isecure.com.au [202.125.4.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4A9C43EAF for ; Wed, 4 Dec 2002 15:21:31 -0800 (PST) (envelope-from anwsmh@ipaustralia.gov.au) Received: from iron.securenet.com.au (iron.isecure.com.au [202.125.4.94] (may be forged)) by figg.securenet.com.au (8.12.5/8.12.5/Debian-1) with ESMTP id gB4BeHq4022916 for ; Wed, 4 Dec 2002 22:40:18 +1100 Received: (from uucp@localhost) by iron.securenet.com.au (8.12.6/8.12.6) id gB4BeH71019743 for ; Wed, 4 Dec 2002 22:40:17 +1100 (EST) X-Authentication-Warning: iron.securenet.com.au: uucp set sender to using -f Received: from nodnsquery(10.11.3.10) by iron.securenet.com.au via csmap (V6.0) id srcAAAK9aWJM; Wed, 4 Dec 02 22:40:17 +1100 Received: from vmail.aipo.gov.au (localhost [127.0.0.1]) by gibbons.securenet.com.au (8.12.3/8.12.3/Debian -4) with ESMTP id gB4BeHTh011196 for ; Wed, 4 Dec 2002 22:40:17 +1100 Received: from stan.aipo.gov.au (wf-148.aipo.gov.au [192.168.1.148]) by vmail.aipo.gov.au (8.11.6/8.11.6) with ESMTP id gB4BeGv89067 for ; Wed, 4 Dec 2002 22:40:16 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from stan.aipo.gov.au (localhost [127.0.0.1]) by stan.aipo.gov.au (8.12.6/8.12.6) with ESMTP id gB4BeG1d000555 for ; Wed, 4 Dec 2002 22:40:17 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.12.6/8.12.6/Submit) id gB4BeFRO000554 for FreeBSD-stable@FreeBSD.ORG; Wed, 4 Dec 2002 22:40:15 +1100 (EST) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Wed, 4 Dec 2002 22:40:14 +1100 From: Stanley Hopcroft To: FreeBSD-stable@FreeBSD.ORG Subject: Anyone had any problems with BIND-9 forwarding queries through PIX devices ? Message-ID: <20021204224012.F214@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Dear Sir or Madam, We have been using the ports version of BIND 9 on 4.7-RELEASE (and 4.6-RELEASE before) without any problems. Recently however, forwarded queries to our provider frequently take ~ 12 seconds to resolve (for names such as www.Yahoo.COM, that should be cached). (packet traces show 4 A queries and then the response belatedly). We became aware through the same symptoms that PIX firewalls (with recent firmware) do not handle source port 53 queries very well. Is anyone aware of any problems with BIND 9.21 as far as forwarding goes, especially with PIX ? We have been forced to downgrade to the release version of BIND-8; this seems to perform better. Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft ------------------------------------------------------------------------ '...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...' from Meditation 17, J Donne. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message