[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] DNS not working
Enabling "accept domain name over udp" will allow all queries to be accepted everywhere. This is not a terribly secure way of doing things. Have you tried to troubleshoot this at all? When you add these rules and it doesn't resolve, what rule is blocking it? Your cleanup rule? Is the Internal_DNS server in the Lan_segment group? ____________________________________________________ http://www.attackprevention.com Information Security documents, articles, and policy > You can enable the "accept domain name over udp" and check which implied rules will be added on rulebase. > > This can help you to solve the problem. > > -----Original Message----- > From: siva prasad [mailto:[email protected]] > Sent: Thursday, September 18, 2003 08:37 AM > To: [email protected] > Subject: [FW-1] DNS not working > > > Hi there, > > We are facing a peculiar problem. > > We are running NG FP3 on solaris and running an internal DNS server and any > quiries which not resolved by this will forward to the ISP DNS. > > The problem is that, if we uncheck the option of "Accept domain name over > UDP (quiries)" and if we add a rule above the my internet surfing rule, > it's not resolving. The rule like this. > > Internal_DNS any domainudp accept log > lan_segment any domainudp accpet log > > > if we check the option "accept domain name over UDP" then some unwanted > sites also it's resolving based on rule 0. > > How to prevent this. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|