Are you sure this isn't a BIND problem and not iptables? If it's iptables then you should log all dropped/rejected packets and find out which ones are dropping and why. Do you have some funky rules like dropping fragmented packets or anything else? Some BIND servers use TCP instead of UDP to transfer zone info but this may (not) be your problem..

LOG, LOG, LOG and if it doesn't catch it then it's probably a BIND issue..

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

-----Original Message-----
From: Martin Ferrari - Decidir IT [mailto:mferrari@xxxxxxxxxxx]
Sent: Thursday, 2 October 2003 4:33 AM
To: 'Netfilter list (E-mail)'
Subject: urgent - netfilter rejecting 60% of DNS requests!

Hi,

I don't know what's happening, but I discovered that my firewall is currently rejecting with port unreachable about 60% of the DNS queries I receive, but this is not happening with the other kind of traffic I manage (http and smtp). I use connection tracking and ip_conntrack_max is set to 32k. Dmesg doesn't report anything!

Please, ANY help would be greatly welcomed!

---
Martin Ferrari
UNIX Administrator
Decidir
________________________________________
mailto:mferrari@xxxxxxxxxxx
Visit us at http://www.decidir.com
Decidir.com International Ltd.
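
The logging step suggested in the reply above, as an added example that is not part of the original e-mails: a small Python summarizer for netfilter LOG lines that separates rejected DNS traffic into UDP queries, TCP queries, replies and fragments. It assumes a LOG rule with the hypothetical prefix "FW-REJECT: " placed just before the REJECT rule; the log lines are constructed and abridged.

```python
import re
from collections import Counter

# Constructed, abridged sample lines in the kernel's netfilter LOG format (not from the thread).
# Assumption: a LOG rule with --log-prefix "FW-REJECT: " sits just before the REJECT rule.
SAMPLE_LOG = """\
kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.53 LEN=71 TTL=55 ID=4121 PROTO=UDP SPT=32801 DPT=53 LEN=51
kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.53 LEN=68 TTL=52 ID=977 PROTO=UDP SPT=32802 DPT=53 LEN=48
kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.53 LEN=60 TTL=50 ID=5150 DF PROTO=TCP SPT=41000 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: FW-REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.53 LEN=140 TTL=48 ID=31 PROTO=UDP SPT=53 DPT=32900 LEN=120
kernel: FW-REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.53 LEN=1500 TTL=48 ID=32 MF PROTO=UDP SPT=53 DPT=32901 LEN=2008
kernel: FW-REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.53 LEN=548 TTL=48 ID=32 FRAG:185 PROTO=UDP
kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.25 LEN=60 TTL=50 ID=8 DF PROTO=TCP SPT=41001 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def classify(line, prefix="FW-REJECT: "):
    """Bucket one logged packet; None if it is not a rejected DNS-related packet."""
    if prefix not in line:
        return None
    body = line.split(prefix, 1)[1]
    fields = dict(FIELD.findall(body))
    tokens = body.split()
    proto = fields.get("PROTO", "?").lower()
    if proto not in ("udp", "tcp"):
        return None
    # Non-first fragments carry no port fields, so they cannot be tied to port 53.
    if any(t.startswith("FRAG:") for t in tokens):
        return proto + "-fragment"
    if "53" not in (fields.get("SPT"), fields.get("DPT")):
        return None
    # DPT=53 is a query to the local server; SPT=53 is a reply from a remote one.
    direction = "query" if fields.get("DPT") == "53" else "reply"
    suffix = "-first-fragment" if "MF" in tokens else ""
    return f"{proto}-{direction}{suffix}"

def summarize(log_text):
    """Count rejected DNS-related packets per bucket."""
    return Counter(b for b in map(classify, log_text.splitlines()) if b)

if __name__ == "__main__":
    for bucket, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {bucket}")
```

A count dominated by `udp-reply` or fragment buckets points at the ruleset or connection tracking; if the rejected packets never show up in the log at all, the reply's suggestion is to look at BIND instead.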