NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] stateful firewalling and clustering.



Greetings!

Langa Kentane schrieb:

> Turns out that our ISP has a DNS server cluster.  Machine B being the
> virtual/primary [whatever] address for the DNS cluster.  Now what happens is
> that when our mail server does a DNS query to machine B, machine A answers
> the query and because machine A does not have a valid connection in the
> state table, the packets are being dropped.

Dirty quick-fix (to get the service up and running while working on solving the
problem):

    Create a service "DNS_answers", allow this service from A and B into your
network.


Solution (1):
    Talk to your ISP - he should set up his clustering properly.
    Explain your problem with his "solution" to him and ask for help.

Solution (2):
    Use a different upstream DNS server - maybe from a different ISP,
    maybe  your own (cacheing-only) DNS server.

Bye
    Volker

--

Volker Tanger  <[email protected]>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.