Re: Does PIX IOS version 6.1(5) have a problem with DNS zone tra

wjemail · ‎03-01-2007

Hi guys,

I experienced an issue when I configured zone tansfer between 2 dns servers at internal and external zones. The PIX version is 6.1(5). I believe all the ports (TCP and UDP)are opened. Actually, from internal DNS server, I could query the external DNS server (which is UDP traffic), as well, I could use the 'dig' command to manually transfer the zone file from the external DNS server (which is TCP traffic). However, I could not use 'rdnc reload' to transfer the zone file from the external server (which is UDP traffic). From the firewall log, I got the following information as attached.

However, I tested from a PIX with version 6.3. The 'rndc reload' command worked.

Does anybody have some idea? Thanks in advance.

Wang Jun

wjemail · ‎03-01-2007

up!

suschoud · ‎03-02-2007

hi,

the logs which you have attached suggest the connection is bilt up properly.as well as the teardown is normal,i.e,without any interruption at either ends.It's a normal tcp close down sequence with out any flags,but the data transferred in verl low ( 1 byte ).I would recommend you to upgrade to 6.3.5 gd release as that's far more caveat free then 6.1.as far as your question as to what might cause this,i m not sure as logs look fine. ( in fact in 6.1,logs did n't use to give much info )...hope this helps.

Does PIX IOS version 6.1(5) have a problem with DNS zone transfer?