We have placed our OS X 10.6 Server running DNS, Mail and Web server on the SA 540's LAN. After doing this we have had quite a few DNS problems. We get the following in the DNS Server log while e.g. trying to reach www.amazon.com from a browser on the server (the browser hangs for about a minute until the following shows up in the log, and then the site loads):
10-Dec-2009 00:17:05.037 host unreachable resolving 'ns94.footprint.net/AAAA/IN': 2001:dc3::35#53
10-Dec-2009 00:17:05.038 host unreachable resolving 'ns94.footprint.net/AAAA/IN': 2001:500:2f::f#53
10-Dec-2009 00:17:05.114 success resolving 'ns94.footprint.net/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
10-Dec-2009 00:17:05.401 success resolving 'pdns6.ultradns.co.uk/AAAA' (in 'uk'?) after disabling EDNS
10-Dec-2009 00:17:05.404 success resolving 'ns96.footprint.net/AAAA' (in '.'?) after disabling EDNS
What I have been able to find on the net is that people who have had the same problem changed some DNS cache settings on their router or some firewall setting in their firewall.
"Quote by: MacTroll
Your DNS server is attempting to use DNS-SEC, for validated DNS lookups. This requires a larger UDP packet size, >512 bytes, than your firewall seems to like. It then has to wait to both decide it needs to reduce packet size /and/ to get a negative result on the lookup."
"I had the same problem, after reading this and other posts I looked at my router config and enabled an option to reduce packet size for its DNS caching, that seems to have resolved this issue for me."
"NOTE: Some older firewall firmware (such as Cisco PIX) will block all DNS packets with EDNS0 enabled.
If needed, you can disable EDNS0 in the Simple DNS Plus Options dialog / DNS / Miscellaneous section, but we highly recommend you get the firewall firmware updated instead."
I have not been able to find anything on the SA 540 that would make me do any similar changes. Any suggestions?
I tried to turn on Logging under Administration->logging but nothing shows up under Status->View Logs after that (btw, does logging work on this thing?)
SA 540 Firmware 1.0.39
BTW, I have tried this without any firewall rules on the SA 540, with rules allowing TCP/UDP DNS (port 53) and with an allow all rule to the LAN, no changes. The server worked fine when we still had the Linksys RV042 working (dead power supply).
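
An added example, not part of the original post: a small Python triage script that separates the two symptoms in the log above, the IPv6 "host unreachable" lines and the lookups that only succeeded after the resolver shrank or disabled EDNS. The second group is the pattern the quoted replies attribute to a firewall or router on the path. The function names and category labels are made up for this example, and the sample input is the five log lines from the post.

```python
import re
from collections import Counter

# The five DNS server log lines quoted in the post above, embedded as sample input.
SAMPLE_LOG = """\
10-Dec-2009 00:17:05.037 host unreachable resolving 'ns94.footprint.net/AAAA/IN': 2001:dc3::35#53
10-Dec-2009 00:17:05.038 host unreachable resolving 'ns94.footprint.net/AAAA/IN': 2001:500:2f::f#53
10-Dec-2009 00:17:05.114 success resolving 'ns94.footprint.net/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
10-Dec-2009 00:17:05.401 success resolving 'pdns6.ultradns.co.uk/AAAA' (in 'uk'?) after disabling EDNS
10-Dec-2009 00:17:05.404 success resolving 'ns96.footprint.net/AAAA' (in '.'?) after disabling EDNS
"""

# Matches the two message shapes seen in the sample; any other log line is ignored.
LINE = re.compile(
    r"^\S+ \S+ (?P<event>host unreachable|success) resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>\w+)(?:/IN)?'"
    r"(?:: (?P<server>[^#\s]+)#\d+| \(in '[^']*'\?\) after (?P<fallback>.+))$"
)

def classify(line):
    """Return (kind, queried_name) for a recognised line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    server, fallback = m["server"] or "", m["fallback"] or ""
    if m["event"] == "host unreachable":
        # A colon in the server address means the resolver tried an IPv6 name server.
        kind = "ipv6_unreachable" if ":" in server else "unreachable"
    elif "packet size to 512" in fallback:
        kind = "edns_reduced_512"
    elif fallback == "disabling EDNS":
        kind = "edns_disabled"
    else:
        kind = "other"
    return kind, m["name"]

def summarize(log_text):
    """Count event kinds and list names that resolved only after an EDNS fallback."""
    counts, affected = Counter(), set()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        kind, name = hit
        counts[kind] += 1
        if kind.startswith("edns_"):
            affected.add(name)
    return counts, sorted(affected)

if __name__ == "__main__":
    counts, affected = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("resolved only after EDNS fallback:", affected)
```

Run against a longer log, a steady stream of `edns_*` events behind one gateway points at the gateway's handling of EDNS or large UDP DNS replies, while `ipv6_unreachable` alone points at missing IPv6 connectivity.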