Groups | Search | Server Info | Login | Register

Groups > comp.protocols.dns.bind > #16051

Re: intermittent failures and queries sent over TCP

Path csiph.com!3.eu.feeder.erje.net!feeder.erje.net!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From David Newman <dnewman@networktest.com>
Newsgroups comp.protocols.dns.bind
Subject Re: intermittent failures and queries sent over TCP
Date Tue, 18 Aug 2020 18:12:45 -0700
Lines 14
Approved bind-users@lists.isc.org
Message-ID <mailman.804.1597799531.942.bind-users@lists.isc.org> (permalink)
References <6538a35f-d361-7522-a34f-65defb021f05@networktest.com> <83C7A42D-9AEC-494C-8765-0AFB612253E0@isc.org> <40a3ce22-5394-7511-4e18-9cb25baa94b7@networktest.com>
NNTP-Posting-Host lists.isc.org
Mime-Version 1.0
Content-Type text/plain; charset=utf-8
Content-Transfer-Encoding 7bit
X-Trace usenet.stanford.edu 1597799578 6852 149.20.1.60 (19 Aug 2020 01:12:58 GMT)
X-Complaints-To action@cs.stanford.edu
Cc bind-users@lists.isc.org
To Mark Andrews <marka@isc.org>
Return-Path <dnewman@networktest.com>
X-Original-To bind-users@lists.isc.org
Delivered-To bind-users@lists.isc.org
Authentication-Results mail9.networktest.com (amavisd-new); dkim=pass (1024-bit key) reason="pass (just generated, assumed good)" header.d=networktest.com
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/simple; d=networktest.com; h=content-transfer-encoding:content-language:content-type :in-reply-to:mime-version:user-agent:date:message-id:from :references:to:subject; s=dkim; t=1597799566; x=1600391567; bh=8 O/AM7ePisPB1mBZV6MzgahnrIOekULIDrAaO4KHcp0=; b=YvS/4S97mj7TqmMQW QUszn2OBMQN4smKQvHt8aq7EpWRaGHa6dEIY2zqHnbWkjBPyyaITmbEntqIt9bnh 0D6I6RTEov3CKnokGB0GgMOB2eJ5giPUplKRiqRSioPZ+UpuxyC0gWfegVPrWAIm eKboetVCl3iviwCHw8pPtzPuX8=
X-Virus-Scanned Debian amavisd-new at mail9.networktest.com
X-Spam-Score 0
X-Spam-Level
X-Spam-Status No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
In-Reply-To <83C7A42D-9AEC-494C-8765-0AFB612253E0@isc.org>
Content-Language en-GB
X-Spam-Checker-Version SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere bind-users@lists.isc.org
X-Mailman-Version 2.1.29
Precedence list
List-Id BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive <https://lists.isc.org/pipermail/bind-users/>
List-Post <mailto:bind-users@lists.isc.org>
List-Help <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID <40a3ce22-5394-7511-4e18-9cb25baa94b7@networktest.com>
X-Mailman-Original-References <6538a35f-d361-7522-a34f-65defb021f05@networktest.com> <83C7A42D-9AEC-494C-8765-0AFB612253E0@isc.org>
Xref csiph.com comp.protocols.dns.bind:16051

Show key headers only | View raw

On 8/18/20 5:55 PM, Mark Andrews wrote:

> If you are getting RST responses check your firewall settings.  RST is often forged
> when TCP is blocked.  The root servers normally accept TCP connections.
> 
> % dig +tcp gmail.com @a.root-servers.net +dnssec

Bingo. This query failed before adding a rule to the upstream firewall
to allow outbound queries, and works now.

Thanks!

dn

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: intermittent failures and queries sent over TCP David Newman <dnewman@networktest.com> - 2020-08-18 18:12 -0700

csiph-web