Great Circle Associates Firewalls
(October 1997)
 


Subject: PIX Firewall and DNS
From: "Alberto U. Begliomini" <aub @ sirius . com>
Organization: Coldstone Consulting
Date: Tue, 07 Oct 1997 14:17:11 -0700
To: firewalls @ greatcircle . com

I have a PIX Firewall running 4.0.7 and DNS configured with a
split-horizon topology. 

The old DNS servers are running BIND 4.8.3 and they work fine. I also
have two new servers, one internal and one external running BIND 4.9.6
and unfortunately I have problems with those. Every time the new
internal server forwards a query to the external server (I use the
"forwarders" directive and the "forward-only" option) it takes several
tries for the internal server to get a response. This does not happen
with the old servers. 

To debug the problem, I have also tried to forward the queries from the
new internal server to the old internal server and even if this
introduces an additional hop, it works fine and fast. Forwarding queries
from the new internal server to the old external server causes the
problem to happen again. 

It looks like every time I try to forward the queries from the new
server running 4.9.6 to any of the DNS servers (old or new) on the DMZ
through the PIX I run into trouble.

I have tried this configuration from different internal servers running
4.9.6 or with the 4.9.3 that comes with the Solaris recommended 2.5.1
patches, same result.

I wonder if anybody has the same DNS topology (split-horizon) with BIND
at level 4.9.x and a PIX router in the middle, running without any
performance problem.
Any idea?


-- 
Alberto U. Begliomini                            Email: aub @ sirius . com
Coldstone Consulting                             Phone: 415-370-7723
Theory guides, experiment decides.               Fax:   415-631-8722
