Lars Hecking wrote:
>> options {
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>     version "DNS Server v2.0";
>>     dnssec-enable no;
>>     query-source port 53;
>>     forwarders { 208.67.220.220; 208.67.222.222; };
>> };
>
>> As you can see, I need to use "query-source port" param too with forwarders to
>> resolve names (and this is really really ugly).
>
> Explicit query-source port breaks port randomisation and is highly insecure.
> Your problem may be an incorrectly configured firewall that only accepts
> outgoing queries originating from source port 53 - it needs to accept all
> outgoing queries for destination port 53.
>

Thanks Lars. Correct, the firewall could be the problem, but it isn't. Because Ubuntu and Windows 2003/2008 don't have problems with it ... and resolve perfectly ... And I haven't configured this firewall to accept DNS queries originating from source port 53 ...

--
CL Martinez
carlopmart {at} gmail {d0t} com
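
The point about a pinned source port, as an added example that is not part of the original thread: a small Python check that reports `query-source` / `query-source-v6` statements in a named.conf that fix the outgoing port. The function names and the sample configuration are constructed for illustration (the sample reuses the options quoted above).

```python
import re

# Constructed sample: options from the thread plus a commented-out line,
# to show that comments are ignored by the check.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    // query-source port 5353;
    query-source port 53;
    forwarders { 208.67.220.220; 208.67.222.222; };
};
'''

# Quoted strings are matched first so comment markers inside them survive.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# A query-source statement and its arguments, up to the terminating ';'.
_STMT = re.compile(r'\b(query-source(?:-v6)?)\b([^;{}]*);')


def strip_comments(text):
    """Remove /* */, // and # comments; leave quoted strings untouched."""
    return _COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)


def fixed_query_source_ports(conf_text):
    """Return [(statement, port)] for statements that pin the source port.

    'port *' (or no port clause) leaves the port to the resolver, so source
    port randomisation stays in effect and nothing is reported.
    """
    findings = []
    for name, args in _STMT.findall(strip_comments(conf_text)):
        m = re.search(r'\bport\s+(\d+)', args)
        if m:
            findings.append((name, int(m.group(1))))
    return findings


if __name__ == "__main__":
    for name, port in fixed_query_source_ports(SAMPLE_CONF):
        print(f"{name} pins outgoing queries to source port {port}")
```
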