[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] DNS and Check Point Firewall-1 on Nokia device
I have the same problem with firewall NG FP3 and BIND 8.2.3 -----Original Message----- From: Neil Kemp (Business Sense) [mailto:[email protected]] Sent: Wednesday, September 10, 2003 2:58 PM To: [email protected] Subject: Re: [FW-1] DNS and Check Point Firewall-1 on Nokia device I had a similar issue - what version of Firewall -1 are you running ? Regards Neil Kemp Security Consultant Business Sense IT Ltd _____ Suite 296, 17 Holywell Hill, St Albans, AL1 1DT. Å +44 (0) 8700 201694 Ë +44 (0) 7958 545129 Ê 07092 153679 + [email protected] " http://www.businesssense.co.uk http://www.secureadvice.co.uk http://www.adsllink.co.uk -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of straightLiners IT Security Team Sent: 10 September 2003 13:32 To: [email protected] Subject: [FW-1] DNS and Check Point Firewall-1 on Nokia device -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello ! I encounter the problem, that DNS resolution doesn't work out properly. When a clients asks the internal DNS to resolve a host's name it takes seriously long resulting in a time-out. The internal DNS forwards the request to a specific external DNS server but obviously gets no answer. Instead its digging recursively a series of unknown DNS server. After about half a minute everything's fine and the host will resolve within a few ms. When digging the external DNS directly everything's within normal response times. I did a test setup at home using the same configuration files and everything's working out just fine. The firewall is a hardware device from Nokia running Check Point Firewall-1. Does anyone know that problem? Which ACLs work out fine and are secure, still? Any other ideas? - -- straightLiners IT Consulting & Services IT Security Department Sebastian Schneider Metzer Str. 12 13595 Berlin Germany Phone: +49-30-3510-6168 Fax: +49-30-3510-6169 Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This E-Mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this E-Mail in error please notify the sender immediately and destroy this E-Mail. Any unauthorized copying, disclosure or distribution of the material in this E-Mail is strictly forbidden. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/XxnGHui/4z3QSJoRAjlRAJ9+NvgzqyhpspxoFKmwoQzRA/u6zgCaA0e3 8dOgXpqxu64G1OmUxNlC2gs= =KR+m -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|