I am unable to get pf to allow zone transfer traffic to happen. Here is my setup:
172.16.100.122 = dns slave
172.16.10.177 = dns master
The slave can do queries using drill example.com @172.16.10.177 but zone transfers totally fail. The traffic is being dropped by PF.
Code:
drill -t axfr example.com @172.16.10.177
Code:
block in on vlan10: 172.16.10.177.53 > 172.16.100.122.23383: Flags [S.], seq 636995862, ack 2691157684, win 65535, options [mss 1460,nop,wscale 7,sackOK,TS val 870150398 ecr 339277532], length 0
I tried to make rules to explicitly pass in traffic coming from port 53 as well but it is still being dropped.
Code:
pass in quick on vlan10 inet proto tcp from 172.16.10.177 to any flags S/SA keep state label "DNS testing"
pass in quick on vlan10 inet proto udp from 172.16.10.177 to any keep state label "DNS testing"
This code is at the top of all pass rules and pf seems to be ignoring it.
Any ideas?
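For comparison, here is a pf.conf fragment added to this thread (not the poster's rules) that shows why the posted rules cannot match the packet in the pflog line and what a stateful pair of rules for an AXFR looks like. In pf, `flags S/SA` means "of the SYN and ACK flags, only SYN set", so it matches the master's initial SYN but not the SYN-ACK (`Flags [S.]`) that pflog shows being dropped; a SYN-ACK from port 53 is return traffic for a connection the slave opened, and it normally passes because of the state entry created when the slave's SYN went through, not because of any inbound rule. The interface name `vlan100` for the slave's side is an assumption; if pf runs on the slave host itself rather than on a router between the two subnets, drop the `$slave_if` rules and keep only the `pass out` rules on vlan10.

```pf
# Added example, not the original poster's configuration.
# Assumption: pf runs on a router between the two subnets; vlan10 faces the
# master (172.16.10.177) and "vlan100" (assumed name) faces the slave.
master_if = "vlan10"
slave_if  = "vlan100"
master    = "172.16.10.177"
slave     = "172.16.100.122"

# The posted rule, for reference. "flags S/SA" matches only a bare SYN, so the
# SYN-ACK (S and A both set) seen in pflog never matches it:
# pass in quick on $master_if inet proto tcp from $master to any flags S/SA keep state

# The slave opens the AXFR: TCP to port 53 on the master. Create state where
# that SYN first enters the firewall and again where it leaves toward the
# master; the SYN-ACK coming back in on vlan10 then matches the state entry.
pass in  quick on $slave_if  inet proto tcp from $slave to $master port 53 flags S/SA keep state label "DNS AXFR"
pass out quick on $master_if inet proto tcp from $slave to $master port 53 flags S/SA keep state label "DNS AXFR"

# Ordinary lookups (UDP 53) work the same way; UDP "state" is a timed entry.
pass in  quick on $slave_if  inet proto udp from $slave to $master port 53 keep state label "DNS query"
pass out quick on $master_if inet proto udp from $slave to $master port 53 keep state label "DNS query"

# Only traffic the master initiates (e.g. NOTIFY to the slave, port 53 on the
# slave side) needs an inbound rule on vlan10 in its own right.
pass in quick on $master_if inet proto { tcp udp } from $master to $slave port 53 keep state label "DNS notify"
```

To check it, start `drill -t axfr example.com @172.16.10.177` on the slave and, on the firewall, run `pfctl -ss | grep :53`: there should be a tcp state for the slave's ephemeral port to 172.16.10.177:53. `tcpdump -n -e -ttt -i pflog0 port 53` should then show no further `block in on vlan10` lines for the SYN-ACK.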