Date: Thu, 05 Dec 2002 12:37:47 +1100 From: Mark.Andrews@isc.org To: Stanley Hopcroft <Stanley.Hopcroft@ipaustralia.gov.au> Cc: FreeBSD-stable@FreeBSD.ORG Subject: Re: Anyone had any problems with BIND-9 forwarding queries through PIX devices ? Message-ID: <200212050137.gB51bltB003074@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 04 Dec 2002 22:40:14 %2B1100." <20021204224012.F214@IPAustralia.Gov.AU>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Dear Sir or Madam, > > We have been using the ports version of BIND 9 on 4.7-RELEASE (and > 4.6-RELEASE before) without any problems. > > Recently however, forwarded queries to our provider frequently take ~ 12 > seconds to resolve (for names such as www.Yahoo.COM, that should be > cached). > > (packet traces show 4 A queries and then the response belatedly). > > We became aware through the same symptoms that PIX firewalls (with > recent firmware) do not handle source port 53 queries very well. > > Is anyone aware of any problems with BIND 9.21 as far as forwarding > goes, especially with PIX ? > > We have been forced to downgrade to the release version of BIND-8; this > seems to perform better. It's a issue with any server that supports EDNS (BIND 8 and BIND 9 both support EDNS). CISCO have been aware of this for a long time. I've heard a rumour that CISCO have actually fixed this. I suggest that you contact the CISCO TAC. At least you will then be informed when they have a fix, if not be told what the fix is. Mark > Yours sincerely. > > > -- > ------------------------------------------------------------------------ > Stanley Hopcroft > ------------------------------------------------------------------------ > > '...No man is an island, entire of itself; every man is a piece of the > continent, a part of the main. If a clod be washed away by the sea, > Europe is the less, as well as if a promontory were, as well as if a > manor of thy friend's or of thine own were. Any man's death diminishes > me, because I am involved in mankind; and therefore never send to know > for whom the bell tolls; it tolls for thee...' > > from Meditation 17, J Donne. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212050137.gB51bltB003074>