From: Jay Hall
To: Gary Gatten
Cc: "'freebsd-questions@freebsd.org'"
Date: Fri, 19 Nov 2010 22:11:07 -0600
Subject: Re: DNS Resolution

On Friday, November 19, 2010 07:25:10 pm Gary Gatten wrote:
> I ran into a similar situation where the ns was behind a Juniper SRX doing
> NAT. Said Juniper had a "smart" DNS piece (ALG) that does special stuff on
> DNS packets; max record length, special NAT, etc. I had to disable the
> DNS ALG to fix the "problem".
>
> If your ns is behind a NATing device, start there. Or, if you can run
> tcpdump on the ns, or before it hits a fw/NAT - ensure the reply packets
> have the "proper" IP in them as they leave the ns.

Thanks for the quick response.

I think this is a problem with a piece of equipment I do not have access to. The only difference between the site experiencing the problem and the other sites I maintain is the router. If I redirect DNS queries to other sites, everything works as expected.

Thanks for your help.