Comment 345 for bug 417757

In , jonathansteffan (jonathansteffan-redhat-bugs) wrote :

(In reply to comment #7, #8)

re: #8, Sorta. The addition of UDP "sessions" is not always/ever a great idea. Individual vendor implementations might have different methods that work in some/most cases and others that don't work at all. However, stateful packet inspection is something that everyone has to deal with and I would be surprised if our particular firewall vendor is not the only firewall in the world that will run into this issue. As a note, we also have this issue with our Juniper ISGs.

re: #7, We also have an issue using our Foundry ServerIron 450s as load balancers for our DNS traffic. We have "worked around" our issues with a few of our firewalls by adding rules to allow the sessions but have yet to solve how to properly implement a working LB situation for DNS clients that behave the way that glibc is right now.

If it's not that expensive to open up two ports to send the packets out at the same time, not waiting for one response or the other, it might be best.