-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello !
I encounter the problem, that DNS resolution doesn't work out properly.
When a clients asks the internal DNS to resolve a host's name it takes
seriously long resulting in a time-out. The internal DNS forwards the request
to a specific external DNS server but obviously gets no answer. Instead its
digging recursively a series of unknown DNS server.
After about half a minute everything's fine and the host will resolve within
a few ms.
When digging the external DNS directly everything's within normal response
times.
I did a test setup at home using the same configuration files and
everything's working out just fine.
The firewall is a hardware device from Nokia running Check Point Firewall-1.
Does anyone know that problem? Which ACLs work out fine and are secure,
still? Any other ideas?
- --
straightLiners IT Consulting & Services
IT Security Department
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany
Phone: +49-30-3510-6168
Fax: +49-30-3510-6169
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrtümlich erhalten haben, informieren Sie bitte
sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
gestattet.
This E-Mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this E-Mail
in error please notify the sender immediately and destroy this E-Mail.
Any unauthorized copying, disclosure or distribution of the material
in this E-Mail is strictly forbidden.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/XxnGHui/4z3QSJoRAjlRAJ9+NvgzqyhpspxoFKmwoQzRA/u6zgCaA0e3
8dOgXpqxu64G1OmUxNlC2gs=
=KR+m
-----END PGP SIGNATURE-----
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================