
Re: [FW-1] DNS and Check Point Firewall-1 on Nokia device



I'm assuming your DNS response time for internal servers/clients is fine.

What O/S is the DNS server running on?  Are you running bind internally or
some other DNS server?

Have you run nslookup or dig in debug mode to see what the client DNS
request is actually doing?

Are you allowing external DNS responses through the firewall?

Can the internal DNS reach the IP address (e.g. not using a host name) of
the external DNS server?

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of
straightLiners IT Security Team
Sent: Wednesday, September 10, 2003 8:32 AM
To: [email protected]
Subject: [FW-1] DNS and Check Point Firewall-1 on Nokia device



Hello !

I encounter the problem that DNS resolution doesn't work out properly.

When a client asks the internal DNS to resolve a host's name it takes
seriously long, resulting in a time-out. The internal DNS forwards the
request to a specific external DNS server but obviously gets no answer.
Instead it's recursively digging a series of unknown DNS servers. After about
half a minute everything's fine and the host will resolve within a few ms.

When digging the external DNS directly everything's within normal response
times.

I did a test setup at home using the same configuration files and
everything's working out just fine.

The firewall is a hardware device from Nokia running Check Point Firewall-1.

Does anyone know that problem? Which ACLs work out fine and are secure,
still? Any other ideas?

--

straightLiners IT Consulting & Services
IT Security Department
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany

Phone: +49-30-3510-6168
Fax: +49-30-3510-6169

This E-Mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this E-Mail in error) please
notify the sender immediately and destroy this E-Mail. Any unauthorized
copying, disclosure or distribution of the material in this E-Mail is
strictly forbidden.



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



Note:
This message is for the named person's use only.  It may contain confidential, proprietary or legally privileged information.  No confidentiality or privilege is waived or lost by any mistransmission.  If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender.  You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Wang Trading LLC and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.
Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.




 
All contents © 2003 Network Presence, LLC. All rights reserved.