Re: pf.conf newbie help
From: Danilo Kempf (usenet_at_nullpointer.de)
Date: 08/25/04
- In reply to: Dennis Russo: "Re: pf.conf newbie help"
Date: Wed, 25 Aug 2004 15:00:30 +0200
> Ah, I was allowing port 53 as tcp, not udp. That is my error...

Dennis,

While passing traffic for UDP/53 will make your DNS lookups work, don't
delete your TCP/53 rule just yet.

Most of the time DNS is done via UDP, but it has a built-in limit. DNS
messages may/should not grow beyond 512 bytes. When they get longer, the
DNS server will truncate the result. Upon receiving a truncated result to a
DNS query, any sane resolver will retry the same query via TCP.

So to spare you some spurious errors, also pass TCP/53.

Regards, Danilo
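
The truncation fallback described in the message above, as an added example that is not part of the original post: it reads the TC (truncated) flag from a DNS reply header and, when it is set, frames the same query for a retry over TCP/53. The function names and the sample messages are constructed for illustration.

```python
import struct

TC_BIT = 0x0200  # "truncated" flag in the 16-bit DNS header flags word

def build_query(qid, name, qtype=1):
    """Build a minimal DNS query (QTYPE 1 = A, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = (bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + b"".join(labels) + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True if the server set TC, i.e. the answer did not fit in the UDP reply."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    _qid, flags = struct.unpack("!HH", response[:4])
    return bool(flags & TC_BIT)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def next_step(query, udp_response):
    """Decide what a resolver does once the UDP reply has arrived."""
    if udp_response[:2] != query[:2]:
        return ("drop", b"")                        # ID mismatch: not our answer
    if is_truncated(udp_response):
        return ("retry-tcp", frame_for_tcp(query))  # only works if TCP/53 is passed
    return ("done", b"")

# Constructed sample data, not captured traffic.
QUERY = build_query(0x1A2B, "example.org")
# Reply flags 0x8380 = QR | TC | RD | RA; question echoed, answers cut off.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0) + QUERY[12:]
# Reply flags 0x8180 = QR | RD | RA; TC clear.
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for label, reply in (("truncated", TRUNCATED_REPLY), ("complete", COMPLETE_REPLY)):
        action, payload = next_step(QUERY, reply)
        print(label, "->", action, len(payload), "bytes to send over TCP")
```

If the firewall passes only UDP/53, the "retry-tcp" branch is the one that fails, which is where the spurious lookup errors come from.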