
Re: [FW-1] Possible DNS protocol BUG in FW-1 NG FP3


  • To: [email protected]
  • Subject: Re: [FW-1] Possible DNS protocol BUG in FW-1 NG FP3
  • From: Lars Troen <[email protected]>
  • Date: Tue, 21 Oct 2003 07:04:51 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcOXHdKfJTvLcqBaSvGsPlKYSDL49wAcnFtg
  • Thread-topic: [FW-1] Possible DNS protocol BUG in FW-1 NG FP3

Jose,
If your dns servers are using EDNS0 (bind 9.2, w2k3dns) then yes, this
is a known issue that has been discussed here before.

Lars

-----Original Message-----
From: Jose Ignacio Sanchez Martin [mailto:[email protected]]
Sent: 20 October 2003 16:44
To: [email protected]
Subject: [FW-1] Possible DNS protocol BUG in FW-1 NG FP3


Hi all!

Recently we have installed a FW-1 NG FP3 under Linux to protect our DMZ.
Since the installation we have experienced some problems resolving our
domain from external nameservers.
It seemed that our DNS servers worked fine when accessed directly from
outside (I mean, using our-dns-server.our-domain.com) but had some
problems when resolving our domain name from another DNS server. There
were many delays. You had to try several times to resolve one of our
subdomains (with timeouts) until you got a right answer.

After many days of tests we isolated the problem in our firewall. The
problem was solved as soon as we changed the protocol of the domain_udp
object from DNS to none.

It seems that FW-1 has a bug in application-level filtering of DNS UDP
queries.

Is this a known issue? Or maybe an unknown bug?

Thanks

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.