Date: Thu, 5 Dec 2002 08:41:38 +0100 (CET) From: Jens Fallesen <jens@fallesen.dk> To: FreeBSD-stable@FreeBSD.ORG Cc: Stanley Hopcroft <Stanley.Hopcroft@ipaustralia.gov.au> Subject: Re: Anyone had any problems with BIND-9 forwarding queries through PIX devices ? Message-ID: <Pine.BSF.4.21.0212050834500.50616-100000@phb.avic.dk> In-Reply-To: <200212050137.gB51bltB003074@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 5 Dec 2002 Mark.Andrews@isc.org wrote: > It's a issue with any server that supports EDNS (BIND 8 and > BIND 9 both support EDNS). CISCO have been aware of this > for a long time. I've heard a rumour that CISCO have > actually fixed this. I suggest that you contact the CISCO > TAC. At least you will then be informed when they have a > fix, if not be told what the fix is. This appears to match Cisco bug ID CSCdv83025. It does not have a status of "resolved" but is listed as fixed in PIX software versions 6.0(4), 6.1(4), and 6.2(1). If your PIX is covered by a service agreement with software upgrades, you can just upgrade, otherwise Cisco TAC will be able to help you. If, for some reason, you cannot use one of these versions, a workaround is to explicitly permit outbound DNS traffic with source port 53. -- Jens Fallesen <jens@fallesen.dk> AVIC Internet Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0212050834500.50616-100000>