DNS / Firewall

     Several people have reported slow DNS response using our name servers, yet
those same servers have been responding fine internally.

     This started when I re-worked the firewall rules.  I did determine what
the problem was and it is corrected now.

     Technical details follow:

     I had an error in the rule allowing UDP traffic to port 53 of the name
servers, I had:
     Permit To udp dst = 53

     This should have been:

     Permit To udp dst = 53

     The /31 is a netmask which tells the router to allow two IP's, and through.  Without this only requests to was allowed through.  So if your machine happened to query first, your response was delayed until your machine timed out and

     This has been corrected now and you should see normal DNS response times.

