[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] stateful firewalling and clustering.
Greetings! Langa Kentane schrieb: > Turns out that our ISP has a DNS server cluster. Machine B being the > virtual/primary [whatever] address for the DNS cluster. Now what happens is > that when our mail server does a DNS query to machine B, machine A answers > the query and because machine A does not have a valid connection in the > state table, the packets are being dropped. Dirty quick-fix (to get the service up and running while working on solving the problem): Create a service "DNS_answers", allow this service from A and B into your network. Solution (1): Talk to your ISP - he should set up his clustering properly. Explain your problem with his "solution" to him and ask for help. Solution (2): Use a different upstream DNS server - maybe from a different ISP, maybe your own (cacheing-only) DNS server. Bye Volker -- Volker Tanger <[email protected]> Wrangelstr. 100, 10997 Berlin, Germany DiSCON GmbH - Internet Solutions http://www.discon.de/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|