Re: [FW-1] DNS and Check Point Firewall-1 on Nokia device
Yeppers,

the resolution of internal hosts works really fast with response times below 1ms.

The DNS (bind9) is running on a Linux kernel 2.4.x machine. The bind is an internal DNS doing forwarding to an external one.

I even started the bind in debug level 9 but didn't get a real huge list with some timeouts. So I guess packets got dropped at the firewall.

When digging the external DNS directly, everything's just fine.

External DNS is reachable.

Thanks,

Sebastian

On Wednesday 10 September 2003 15:52, Jim Laverty wrote:
> I'm assuming your DNS response time for internal servers/clients is fine.
>
> What O/S is the DNS server running on? Are you running bind internally or
> some other DNS server?
>
> Have you run nslookup or dig in debug mode to see what the client DNS
> request is actually doing?
>
> Are you allowing external DNS responses through the firewall?
>
> Can the internal DNS reach the IP address (e.g. not using a host name) of
> the external DNS server?
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On Behalf Of
> straightLiners IT Security Team
> Sent: Wednesday, September 10, 2003 8:32 AM
> To: [email protected]
> Subject: [FW-1] DNS and Check Point Firewall-1 on Nokia device
>
> Hello!
>
> I encounter the problem that DNS resolution doesn't work out properly.
>
> When a client asks the internal DNS to resolve a host's name it takes
> seriously long, resulting in a time-out. The internal DNS forwards the
> request to a specific external DNS server but obviously gets no answer.
> Instead it's digging recursively a series of unknown DNS servers. After about
> half a minute everything's fine and the host will resolve within a few ms.
>
> When digging the external DNS directly everything's within normal response
> times.
>
> I did a test setup at home using the same configuration files and
> everything's working out just fine.
>
> The firewall is a hardware device from Nokia running Check Point
> Firewall-1.
>
> Does anyone know that problem? Which ACLs work out fine and are secure,
> still? Any other ideas?

--
- IT Security Team -

straightLiners IT Consulting & Services
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany

Phone: +49-30-3510-6168
Fax: +49-30-3510-6169