Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] DNS not working

To: [email protected]
Subject: Re: [FW-1] DNS not working
From: Mitchell <[email protected]>
Date: Thu, 18 Sep 2003 08:31:14 -0600
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Enabling "accept domain name over udp" will allow all queries to be
accepted everywhere.  This is not a terribly secure way of doing things.

Have you tried to troubleshoot this at all?  When you add these rules
and it doesn't resolve, what rule is blocking it?  Your cleanup rule?
Is the Internal_DNS server in the Lan_segment group?

____________________________________________________
http://www.attackprevention.com
Information Security documents, articles, and policy


> You can enable the "accept domain name over udp" and check which
implied rules will be added on rulebase.
>
>  This can help you to solve the problem.
>
> -----Original Message-----
> From: siva prasad [mailto:[email protected]]
> Sent: Thursday, September 18, 2003 08:37 AM
> To: [email protected]
> Subject: [FW-1] DNS not working
>
>
> Hi there,
>
> We are facing a peculiar problem.
>
> We are running NG FP3 on solaris and running an internal DNS server
and any
> quiries which not resolved by this will forward to the ISP DNS.
>
> The problem is that, if we uncheck the option of "Accept domain name
over
> UDP (quiries)" and if we add a rule above the my internet surfing
rule,
> it's not resolving. The rule like this.
>
> Internal_DNS            any     domainudp       accept log
> lan_segment             any     domainudp       accpet log
>
>
> if we check the option "accept domain name over UDP" then some
unwanted
> sites also it's resolving based on rule 0.
>
> How to prevent this.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Slow traffic through NG-FP4
Next by Date: Re: [FW-1] HTTPS issue with NG FP3 user auth
Previous by thread: Re: [FW-1] DNS not working
Next by thread: [FW-1] HTTPS issue with NG FP3 user auth
Index(es):
- Date
- Thread