
RE: [FW1] beginner's question on DNS



I would suggest (maybe because of my paranoia :) that instead of using CheckPoint's pseudo-implied rules from the policy properties dialog box (suggestion #4 below), you manually create a rule, or possibly rules, for any DNS actions you may need to occur.  I think it is more secure not to use their rules, and it can help reduce the instance of certain problems or issues in the future. (i.e. say you want domain-udp to encrypt over site-to-site VPN links, you may forget that you have that implied rule and it is catching the query from hitting your VPN rules or something silly like that...)
 
Just my $0.02....
 
Jarrett
-----Original Message-----
From: Thuan Pham [mailto:[email protected]]
Sent: Thursday, May 03, 2001 12:12
To: 'John Tanouye'; '[email protected]'
Subject: RE: [FW1] beginner's question on DNS

        John:

        Here are some suggestions to check before proceeding further:

        1. Your DNS server is sitting on the DMZ zone.
        2. There is a static route that points to the DNS server on the router that the CheckPoint Firewall-1 is connected to.
        3. There is also a static route that points to the DNS server on the CheckPoint Firewall-1.
        4. On the Security Policy Properties panel, ensure that the following are checked:
                a. Accept Domain Name over UDP (Queries)
                b. Accept Domain Name over TCP (Zone Transfer)

        Hope this helps.

        Thuan Pham



-----Original Message-----
From: John Tanouye [mailto:[email protected]]
Sent: Tuesday, May 01, 2001 3:23 PM
To: '[email protected]'
Subject: [FW1] beginner's question on DNS



Could anyone tell me how to set up DNS on Firewall-1?  I have pretty much
everything else running.  However nothing works, because I believe that the
DNS isn't set up.

Thanks,

John


   All contents © 2004 Network Presence, LLC. All rights reserved.