My GB EXT interface resides at an IP address which is registered as a name server with the InterNIC. I provide DNS for several Internet domains via a DNS server behind the GB. (A second DNS server behind the GB is used for the PRO and PSN networks only.) I am finding log entries which seem to indicate that the Internet root name servers have been attempting to contact my DNS server via ICMP.
I have UDP port 53 open to the world, and TCP port 53 open only to selected DNS servers which perform authorized zone transfers from my DNS server. Can anyone enlighten me on why the root name servers would want to contact my DNS server via ICMP, and whether I should open a filter for the root name servers by IP address?

Feb 26 03:15:09 192.168.2.254 FILTER: Remote access filter blocks: ICMP ed0 [192.203.230.10/3]->[x.x.242.112/3] l=32 f=0x3.
