On 17 Jan 2013, at 06:44, lilit-aibolit wrote:

> On 01/17/2013 11:27 AM, Vadim Zhukov wrote:
>>
>> At first, find where the flow gets stopped: enable debug logging on resolver
>> and add "match log (matches) to port 53" rule as first one in your firewall.
>> Then probably you'll see the problem yourself.
> match log on $ext_if inet proto udp to port 53
Don't you want:
match log on $ext_if inet proto {tcp, udp} to port 53
Michael

