Lars Hecking wrote:
options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; listen-on port 53 { 127.0.0.1; 172.25.50.10; }; version "DNS Server v2.0"; dnssec-enable no; query-source port 53; forwarders { 208.67.220.220; 208.67.222.222; }; };
As you can see, I need to use "query-source port" param too with forwarders to resolv names (and this is really really ugly).
Explicit query-source port breaks port randomisation and is highly insecure. Your problem may be an incorrectly configured firewall that only accepts outgoing queries originating from source port 53 - it needs to accept all outgoing queries for destination port 53.
Thanks lars. Correctly, firewall could be the problem, but it isn't. Because Ubuntu and Windows 2003/2008 doesn't have problems with it ... and resolves perfectly ... And I don't have configured this firewall to accept dns queries originating from source port 53 ...
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos