Subject: DNS timeouts using Gauntlet 3.2 on Solaris
From: Ken Kempster <kempster @ monarch . rnb . com>
Organization: Republic National Bank
Date: Thu, 10 Apr 1997 09:33:01 -0400 (EDT)
To: firewalls <firewalls @ greatcircle . com>
Comments: Internet Message: Sender identity is not verified.

Has anyone had problems with DNS timeouts
when using TIS's Gauntlet 3.2 on Solaris?
Here's the problem:

A reverse lookup request comes in to my primary internal
root domain server. The IP is not listed in any rev. lookup
tables and there isn't a table that covers the segment for that IP.
So the internal root server forwards the request to my 3.2 Gauntlet box
for resolution. Using snoop, I am able to see the incoming packets
from the internal server to the firewall but I never get
a response from the firewall back to the root server. Thus, this
causes a 20 sec. delay in a response getting back to the requesting
host.

Now, what I have done to solve this problem is create reverse lookup
dm files that handle all possibilities of reverse lookups, i.e. db.xxx.xxx
rather than db.xxx.xxx.xxx.

But my real question here is, why would this, out of the blue, become a
problem? Nothing has changed on the internal DNS structure and
the firewall was swapped from BSD to Solaris OS 6 to 8 weeks prior to this
starting to happen.

This DNS timeout problem caused some major system problems for me and
what I'm looking for is if anyone may know of anything that would or could have
caused this to start happening on a system that has been in place for
two years.

Any insight on this would be great..
Thanks.

|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| Ken Kempster          kempster @ monarch . rnb . com    |
| Network Systems Engineer         _\|/_                  |
| Republic National Bank           (o o)                  |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOO-(_)-OOo~~~~~~~~~~~~~~