dns uppdates trough pix 515 with ver 7

jenseike · ‎10-24-2006

hi all...

I have a dns server on outside and a dns server on my dmz.. they are sending updates between each other..

Problem is that this update that normaly take about 1 or less second are trough the pix using up to 20 min..

This is logg

6|Oct 24 2006 08:12:09|609001: Built local-host outside:193.69.52.1

6|Oct 24 2006 08:12:09|609002: Teardown local-host outside:193.69.52.1 duration 0:00:00

6|Oct 24 2006 08:12:09|302016: Teardown UDP connection 2948003 for outside:193.69.52.1/53 to DMZ:85.112.145.34/1047 duration 0:00:00 bytes 9619

6|Oct 24 2006 08:12:09|302015: Built outbound UDP connection 2948003 for outside:193.69.52.1/53 (193.69.52.1/53) to DMZ:85.112.145.34/1047 (85.112.145.34/1047)

6|Oct 24 2006 08:12:09|609001: Built local-host outside:193.69.52.1

6|Oct 24 2006 08:11:09|302016: Teardown UDP connection 2947941 for outside:193.69.52.1/16512 to DMZ:85.112.145.34/53 duration 0:00:00 bytes 188

6|Oct 24 2006 08:11:09|302015: Built inbound UDP connection 2947941 for outside:193.69.52.1/16512 (193.69.52.1/16512) to DMZ:85.112.145.34/53 (85.112.145.34/53)

looks like it take the connection up and down many times.. I am not sure what or why this is happening...

Any idea??

JP

0r8it · ‎10-24-2006

Hi JP,

whats the teardown time for UDP set to on your device?

regards,

gary

jenseike · ‎10-24-2006

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

JP

unicmd · ‎10-24-2006

you running "fixup" on DNS ?

try to disable this

Martin

jenseike · ‎10-24-2006

i have even tried to disable this although I dont think this have anything to do with this.. It did not either do anything for me.

anybody that knows what could be happening here?

JP