On Mon, May 17, 1999 at 01:32:39PM -0400, Greg Owen {gowen} wrote:
> My firewall passed DNS-UDP packets from the mail hosts, but not DNS-TCP.
> The site in question had a large number of PTR records, which would cause a
> reply large enough to be run over DNS-TCP instead of UDP. Thus, reverse
> lookups worked for almost everyone, but not this site. Allowing DNS-TCP AND
> UDP fixed the problem (and should have been the configuration to begin
> with).
General safety tip with network/firewall ACLs: turn on logging of rejected
packets - that way you would have found out quicker...
--
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
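Jason's tip above is the detection side of Greg's story: if rejected packets are logged, a resolver's retry over TCP (which happens when a UDP reply is too large and comes back with the TC bit set) shows up as rejected TCP/53 traffic. As an added example, not part of the original thread, here is a small Python script that parses netfilter-style reject log lines and flags rejected TCP port 53 packets. The log format, the "FW-DROP" prefix and all addresses are constructed assumptions, not data from the list.

```python
import re
from collections import Counter

# Constructed sample of netfilter-style reject log lines (an assumption for this
# example, not from the original thread); prefix, hosts and addresses are made up.
SAMPLE_LOG = """\
May 17 13:40:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP SPT=44012 DPT=23 SYN
May 17 13:40:05 fw kernel: FW-DROP IN=eth1 OUT= SRC=192.0.2.25 DST=198.51.100.53 PROTO=TCP SPT=51023 DPT=53 SYN
May 17 13:40:06 fw kernel: FW-DROP IN=eth1 OUT= SRC=192.0.2.25 DST=198.51.100.53 PROTO=TCP SPT=51024 DPT=53 SYN
May 17 13:41:10 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 PROTO=UDP SPT=5353 DPT=5353
May 17 13:42:00 fw kernel: FW-DROP IN=eth1 OUT= SRC=192.0.2.26 DST=198.51.100.53 PROTO=TCP SPT=51100 DPT=53 SYN
"""

# Fields that matter for the check: source, destination, protocol and (if present) ports.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_rejects(text):
    """Return one dict per reject line that carries SRC/DST/PROTO fields."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None
        ev["spt"] = int(ev["spt"]) if ev["spt"] else None
        events.append(ev)
    return events


def summarize(events):
    """Count rejects per (protocol, destination port) so unusual drops stand out."""
    return Counter((e["proto"], e["dpt"]) for e in events)


def dns_tcp_rejects(events):
    """(src, dst) pairs whose TCP/53 packets were rejected: DNS fallback traffic
    that the firewall is breaking, exactly the symptom in Greg's report."""
    return sorted(
        {(e["src"], e["dst"]) for e in events if e["proto"] == "TCP" and e["dpt"] == 53}
    )


if __name__ == "__main__":
    events = parse_rejects(SAMPLE_LOG)
    for (proto, dpt), n in summarize(events).most_common():
        print(f"{proto}/{dpt}: {n} rejected")
    for src, dst in dns_tcp_rejects(events):
        print(f"WARNING: {src} -> {dst} TCP/53 rejected; "
              "large (truncated) DNS replies will fail for this pair")
```

Run it against the real reject log instead of SAMPLE_LOG and any TCP/53 line is a strong hint that the "UDP only" DNS rule is in place; the per-port summary is also a cheap way to spot other rules that are dropping traffic the hosts behind the firewall actually need.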