 
 From:  Peter <peter at iwebsl dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] firewall rule for TCP DNS
 Date:  Thu, 6 Apr 2006 11:21:31 -0400
My NAT rule looks like this:

 WAN  	 TCP/UDP  	 53 (DNS)  	 192.168.1.2  	 53 (DNS)  	 DNS server

My Rules look like this:

 TCP/UDP  	 *  	 *  	 192.168.1.2	 53 (DNS)  	 NAT DNS server 

Are you sure your DNS server responds to TCP requests?

Regards,
Peter

On Thu, 6 Apr 2006 17:14:41 +0200, Eugen Leitl wrote:
>
>
> I'm trying to set up a firewall rule to also
> allow TCP DNS resolution along with UDP to
> get rid of warnings like
>
> http://dnsreport.com/tools/dnsreport.ch?domain=leitl.org
>
> WARNING: One or more of your DNS servers does not accept TCP
> connections. Although rarely used, TCP connections are occasionally
> used instead of UDP connections. When firewalls block the TCP DNS
> connections, it can cause hard-to-diagnose problems. The problem
> servers are:
>
> 62.245.233.242: Error [Connect fail: 0].
>
> but haven't managed to do it yet. TCP/UDP is not it.
> Dedicated rule for TCP and UDP each ain't it either.
>
> Any suggestions?

  ------------------------------------------------
  Peter, peter at iwebsl dot com on 4/6/2006
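
Peter's question, whether the DNS server answers over TCP at all, can be tested directly on the LAN side and then again from outside the firewall, which separates a server problem from a NAT/rule problem. The following is an added example, not part of the original thread: a standard-library Python check that sends the same A query over UDP and over TCP (which adds a 2-byte length prefix). All function names are assumptions of this sketch, and the server address is supplied by the caller.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, fine for a one-shot diagnostic

def build_query(name, qtype=1):
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg, txid=TXID):
    """Return (rcode, truncated, answer_count) for a matching response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:   # QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0200), an

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:                     # TCP may deliver short reads
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def exchange_tcp(sock, name):
    q = build_query(name)
    sock.sendall(struct.pack("!H", len(q)) + q)   # 2-byte length prefix on TCP
    (length,) = struct.unpack("!H", _recv_exact(sock, 2))
    return parse_header(_recv_exact(sock, length))

def exchange_udp(sock, name):
    sock.send(build_query(name))            # expects a connected datagram socket
    return parse_header(sock.recv(4096))

def check(server, name, port=53, timeout=3.0):
    out = {}  # per transport: header tuple, or a "FAIL: ..." string
    for label, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server, port))
                out[label] = (exchange_udp if label == "udp" else exchange_tcp)(s, name)
        except (OSError, ValueError) as exc:
            out[label] = f"FAIL: {exc}"
    return out
```

Calling `check()` with the server's LAN address and then with the WAN address from an outside host shows which side drops TCP: a `udp` tuple next to a `tcp` value of `FAIL: ...` on the WAN side only points at the firewall rather than the DNS server.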