[Pdns-users] DNS resolution problem with pdns-recursor-3.3

ktm at rice.edu ktm at rice.edu
Tue May 24 15:27:58 UTC 2011

On Thu, Apr 21, 2011 at 10:52:42PM +0200, bert hubert wrote:
> On Thu, Apr 21, 2011 at 03:33:31PM -0500, Kenneth Marshall wrote:
> > I am sorry, but I think this has been a wild goose chase regarding a
> > bug in the recursor. The existing 3.3 version works just fine with
> > resolving cdn4.digitalconcerthall.com from a system outside our
> > network. I am going to start looking into a firewall or networking
> > problem. Thank you for your assistance and I will let you know what
> > I find and hopefully it will help someone else.
> Thanks Kenneth - based on your traces, I thought this might be the case.
> It starts with a clara.net server giving a truncated response, truncated in
> mid-packet. This might upset a firewall somewhere.
> Such truncation is often caused by.. powerdns authoritative server by the
> way..
> 	Bert
Hi Bert,

Just to close the loop on this problem. The cause was the DNS ALG (application
layer gateway) in our Juniper firewall product. Apparently, if it is not
explicitly disabled in the configuration, it is enabled by default and it is
not obvious that it is enabled. We turned that off and the DNS lookup problem
ceased. Thank you again for a wonderful product and your time looking into
this problem.


More information about the Pdns-users mailing list