Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
----------------------------------

A few comments.

1. I would only run an externally accessible DNS server from the PSN, not the Protected network.

2. TCP/53 is used for zone transfers, while UDP/53 is used for updates. So this is required to allow the secondary name server to perform an update.

3. I would create a Remote Access filter that only allowed your designated secondary name server to perform a zone transfer.

4. Just because you update the serial number doesn't mean that the secondary name server is correctly accessing your name server for the update. The update (zone transfer) must be initiated by the secondary server. To check if this is happening, simply set the Log value on the zone transfer Remote Access filter (mentioned in 3) to "Yes". Then check your log files for the access entry. If there is no access entry, then the zone transfer did not occur. You should also be able to ask the administrator of the secondary server to force a transfer, and you can watch the logs/console for the activity/blocks.

PS. The O'Reilly and Associates "DNS and BIND", 2nd edition, is an excellent book on this topic.

Paul

>At 12:03 PM 1/24/00 -0500, Justin Fisher wrote:
>>I have made changes to my local DNS server that is located on the
>>Protected Network and the changes are not being propagated out to
>>the internet. I had a tunnel open on UDP port 53, and have just
>>opened up TCP 53 as well. I can't understand why changes are not
>>being sent out (even after updating the serial number of the DNS
>>database). I am now suspecting that the changes are being blocked
>>from being sent out or that queries are not being allowed inbound.
>>Any help anyone could offer would be greatly appreciated.
>
>Comments:
> * DNS is UDP port 53 only, so a TCP inbound tunnel is not necessary.
> * Your DNS Server is on your PROTECTED network? Why? It should
>be on the PSN (Private Service Network).
> * Do you see anything in your log files or on the gb console that
>would indicate the DNS requests are arriving at the EXTERNAL
>interface, and are being rejected?
> * Chances are that nothing is being blocked from "going out", at
>least not by default. More likely that requests are blocked when
>they arrive on the EXT interface.
> * Have you "Verified" your configuration to look for config errors?
>
>Another test: Ask someone else who has a name server to perform a
>"zone transfer" of one of the domains in your DNS database. They
>would only need to know your gb IP address and the domain name of a
>domain you host, and you will need to allow them to do zone
>transfers if you have that function restricted. (See your DNS/BIND
>documentation for details on restricting zone transfers.)
>
>----------
>Joe Biniskiewicz          Tel: 805 496-6043
>EdgeGate Networks         Fax: 805 435-2000
>Thousand Oaks, CA 91360   <mailto:[EMAIL PROTECTED]>
>----------

-------------------------------------------------------------------------
Paul Emerson                          Tel: +1.407.380.0220 x106
Global Technology Associates, Inc.    Fax: +1.407.380.6080
3505 Lake Lynda Drive                 Mobile: +1.407.497.3379
Suite 109                             Pager: +1.888.440.8232
Orlando, Florida 32817                Email: [EMAIL PROTECTED]
USA                                   Mobile Email: [EMAIL PROTECTED]
Web: http://www.gta.com
-------------------------------------------------------------------------

----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address"
in the body of the message
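Paul's point 4 and Joe's "ask someone to do a zone transfer" test both come down to one observable: after a transfer, the secondary serves the same SOA serial as the primary. The script below is an added example, not code from this thread or from GTA; it queries each server for the zone's SOA over UDP/53 and compares the serials using RFC 1982 serial arithmetic, so a serial that wrapped past 2^32 is still ordered correctly. The zone name example.com, the server names ns1.example.com / hostmaster.example.com and the serials 2000012400/2000012401 are made up, and build_soa_response() is a constructed sample reply used only so the parser can be run offline.

```python
"""Check whether a secondary name server has picked up a zone change.

Added example (not from the gb-users thread). Compares the SOA serial the
primary publishes with the serial the secondary is serving; a successful
zone transfer is what makes them equal.
"""
import socket
import struct
import secrets
from typing import Optional

SOA = 6   # RR type
IN = 1    # RR class


def encode_name(name: str) -> bytes:
    """Encode a dotted name in DNS wire format (no compression)."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def build_soa_query(zone: str, txid: int) -> bytes:
    """Standard query, RD set, one question: <zone> SOA IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", SOA, IN)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the wire-format name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_soa_serial(msg: bytes, expected_txid: int) -> Optional[int]:
    """Return the SOA serial from a response, or None if RCODE != 0 / no SOA answer."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if flags & 0x000F:                   # RCODE set, e.g. REFUSED or NXDOMAIN
        return None
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == SOA:
            rd = _skip_name(msg, off)    # MNAME
            rd = _skip_name(msg, rd)     # RNAME
            return struct.unpack_from("!I", msg, rd)[0]   # SERIAL
        off += rdlen
    return None


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial comparison: is a newer than b, modulo 2^32?"""
    return a != b and ((a > b and a - b < 2**31) or (a < b and b - a > 2**31))


def transfer_status(primary_serial: int, secondary_serial: int) -> str:
    if primary_serial == secondary_serial:
        return "in sync"
    if serial_gt(primary_serial, secondary_serial):
        return "secondary behind"        # transfer has not happened, or was blocked
    return "secondary ahead"             # misconfiguration: check which host is master


def query_serial(server: str, zone: str, timeout: float = 3.0) -> Optional[int]:
    """Ask <server> on UDP/53 for the zone's SOA and return its serial (live use)."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_soa_serial(data, txid)


def build_soa_response(txid: int, zone: str, mname: str, rname: str, serial: int) -> bytes:
    """Constructed sample reply (assumption: what a server would send back) so the
    parser can be exercised offline. The answer name is a compression pointer
    (0xC00C) back to the question name, as real servers emit."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", SOA, IN)
    rdata = (encode_name(mname) + encode_name(rname)
             + struct.pack("!IIIII", serial, 7200, 900, 1209600, 86400))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", SOA, IN, 3600, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    # Offline demo with constructed packets: primary bumped to ...01, secondary still at ...00.
    p = build_soa_response(0x1234, "example.com", "ns1.example.com", "hostmaster.example.com", 2000012401)
    s = build_soa_response(0x5678, "example.com", "ns1.example.com", "hostmaster.example.com", 2000012400)
    ps, ss = parse_soa_serial(p, 0x1234), parse_soa_serial(s, 0x5678)
    print(f"primary={ps} secondary={ss}: {transfer_status(ps, ss)}")
    # Live: transfer_status(query_serial("<primary ip>", zone), query_serial("<secondary ip>", zone))
```

For a live check, run the two query_serial() calls from outside the firewall: "secondary behind" together with no log entry on the zone-transfer Remote Access filter means the transfer never reached the primary, while a REFUSED reply (None) from the primary points at the name server's own transfer restrictions rather than the firewall.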
