Date: Thu, 6 Mar 2003 22:14:46 -0600 From: David Kelly <dkelly@HiWAAY.net> To: Paolo M <fabrica64@yahoo.com> Cc: questions@FreeBSD.ORG Subject: Re: BIND stange behavior Message-ID: <200303062214.46223.dkelly@HiWAAY.net> In-Reply-To: <20030306223219.97432.qmail@web14810.mail.yahoo.com> References: <20030306223219.97432.qmail@web14810.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 06 March 2003 04:32 pm, Paolo M wrote: > Did you check with a Windows box too? I am remembering > I also got this error from a Windows box but now I am > no more sure about it (I only use Jaguar at home). The past year or so I've not allowed any but UDP port 53 thru the firewall. But when I got tired of lengthy delays and often down ISP nameservice I enabled named with "forward only", and finally broke down and created a private internal namespace/zone for the company. Had not yet changed the internal DHCP to point the internal mostly-NT systems at my nameserver. But had pointed my desktop Mac at it. This morning when I opened my morning-ritual 18 URLs all at once with Chimera-ne-Camino, was having a lot of problems. Some got thru quickly, others much slower, many but not all timed out. Adjusted ipfw rules to log denied packets to/from my Mac and quickly saw TCP port 53 being denied. Opened up port 53 to internal TCP and cured the problem. One thing I suspect is my FreeBSD 4.7-p6 nameserver responds in such a way as to make MacOS X think TCP is legal. I don't believe the Mac ever tried TCP talking to the ISP nameservice. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303062214.46223.dkelly>