Re: Resolver problems

To: NetBSD Users <netbsd-users%netbsd.org@localhost>
Subject: Re: Resolver problems
From: Ingolf Steinbach <ingolf.steinbach%googlemail.com@localhost>
Date: Thu, 3 Dec 2009 09:33:23 +0100

2009/12/3 David Huang <khym%azeotrope.org@localhost>:
>> What's also unclear: what is the reason for the "port ... unreachable"
>> ICMP messages?
>
> That seems like a more likely reason for the delay--on my machines, the 
> resolver asks for an AAAA record, and if there isn't one, it immediately asks 
> for an A record. The delay added by the AAAA query is in the order of 
> milliseconds. Is there any chance that ipfilter/pf on the NetBSD box is 
> rejecting the DNS responses from your name server?

It turns out that the question was wrong: I should have asked for a
possible explanation of the UDP messages sent from router:3072 to the
"resolver" port. Does anyone have an explanation for that? Could this
be some special protocol which is not implemented or has to be
explicitly activated on NetBSD?

(That this UDP results in the "port unreachable" is clear to me.)

Another question: Is there a light-weight DNS proxy (in pkgsrc) which
can be configured to filter out AAAA queries and just reply NXDOMAIN?
Or can bind be configured this way?

The cause for my problems seems indeed to be the lack of (correct)
AAAA support in my router's name server.

And no, the NetBSD box does not filter out DNS responses: The
responses to the A queries are received correctly. I have not
implemented any filtering rules (other than those which might be
active automatically on a freshly installed system).

Ingolf

References:
- Resolver problems
  - From: Ingolf Steinbach
- Re: Resolver problems
  - From: David Huang

Prev by Date: Re: Resolver problems
Next by Date: Re: Resolver problems
Previous by Thread: Re: Resolver problems
Next by Thread: Re: Resolver problems
Indexes:

Home | Main Index | Thread Index | Old Index