[FW-1] Strange log entries for domain-udp packets
Hi there,

I'm running an internal and an external nameserver and I'm looking for the cause of very strange DNS problems at our site. From time to time our internal DNS server hangs up; it seems it doesn't forward any more. Only after a stop/start of the nameserver daemon does DNS work again. A tcpdump says that the internal nameserver forwards its request to the external one (it seems it does forwarding after all), but I can't say if the external one works fine, because I've got no tcpdump of it. :(

Let me explain how our DNS is set up: the internal one gets requests from clients and forwards unknown hosts, e.g. www.ibm.com, to the external one, which directly asks root nameservers and so on. Both nameservers reside in a DMZ of a 4.1 SP5+RDP-hotfix box (Nokia 3.4).

When our DNS works fine, I often see strange entries in my log; maybe they are a hint to my problems:

service - source - dest - src-port *src-port-int. ns* - *ext. ns* - *int. ns* - domain-udp ... (denied by my last catch-all deny rule)

For me it seems that FW-1 sometimes blocks packets back from the external NS to the internal NS. My UDP timeout is set to 60 sec and traffic is medium-heavy, so I don't believe these are timed-out connections.

Does anybody know if there are some known DNS issues with my current version or if this is a "normal" situation?

Best regards
Marcus
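One way to check the belief above (that the denied domain-udp packets are not simply replies arriving after the 60 s UDP timeout) is to correlate each dropped reply from the external NS with the last accepted outbound query on the same port pair and measure the gap. The script below is an added example and is not part of the original post or any Check Point tool; it uses a constructed, simplified log format (time, action, source, destination, source port, destination port) rather than real FW-1 log output, constructed addresses (10.0.0.53 for the internal NS, 192.0.2.53 for the external NS), and the 60 s UDP timeout from the post. A dropped reply that lands outside the timeout window is consistent with a timed-out state entry; one that lands inside the window, or that has no matching query at all, points at something else and is worth looking at.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (NOT real FW-1 output), fields:
# time action src dst sport dport
# 10.0.0.53 = internal NS, 192.0.2.53 = external NS (constructed addresses).
SAMPLE_LOG = """\
10:00:00 accept 10.0.0.53 192.0.2.53 40001 53
10:00:00 accept 192.0.2.53 10.0.0.53 53 40001
10:00:10 accept 10.0.0.53 192.0.2.53 40002 53
10:01:20 drop 192.0.2.53 10.0.0.53 53 40002
10:02:00 accept 10.0.0.53 192.0.2.53 40003 53
10:02:05 drop 192.0.2.53 10.0.0.53 53 40003
10:03:00 drop 192.0.2.53 10.0.0.53 53 40004
"""

DNS_PORT = 53


@dataclass(frozen=True)
class Event:
    ts: datetime
    action: str
    src: str
    dst: str
    sport: int
    dport: int


def parse_log(text):
    """Parse the constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, action, src, dst, sport, dport = line.split()
        events.append(Event(datetime.strptime(t, "%H:%M:%S"), action,
                            src, dst, int(sport), int(dport)))
    return events


def classify_dropped_replies(events, udp_timeout=timedelta(seconds=60)):
    """For every dropped DNS reply (source port 53 -> ephemeral port), find
    the most recent accepted query on the reversed 4-tuple and classify:
      late_reply      - reply arrived more than udp_timeout after the query
      within_timeout  - reply arrived inside the window but was still dropped
      unmatched       - no accepted query seen for this port pair at all
    Returns a list of (time, client_port, verdict) tuples."""
    results = []
    last_query = {}  # (client, server, client_port) -> time of last query
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "accept" and ev.dport == DNS_PORT:
            last_query[(ev.src, ev.dst, ev.sport)] = ev.ts
        elif ev.action == "drop" and ev.sport == DNS_PORT:
            key = (ev.dst, ev.src, ev.dport)
            qts = last_query.get(key)
            if qts is None:
                verdict = "unmatched"
            elif ev.ts - qts > udp_timeout:
                verdict = "late_reply"
            else:
                verdict = "within_timeout"
            results.append((ev.ts.strftime("%H:%M:%S"), key[2], verdict))
    return results


if __name__ == "__main__":
    for ts, port, verdict in classify_dropped_replies(parse_log(SAMPLE_LOG)):
        print(f"{ts} reply to port {port}: {verdict}")
```

Run against a real export, only the `late_reply` lines are explained by the UDP timeout; a steady stream of `within_timeout` drops between the two nameservers would mean the firewall is discarding replies it should still have state for, which is the situation the post describes.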