
Re: [FW-1] my DNS requests times out


  • To: [email protected]
  • Subject: Re: [FW-1] my DNS requests times out
  • From: "Burton, Chris" <[email protected]>
  • Date: Thu, 6 Nov 2003 12:17:16 -0800
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcOkoD/WU6VCLJpKTFOqIajBSzPj6gAAojUQ
  • Thread-topic: [FW-1] my DNS requests times out

Do you have a manual rule for UDP/TCP 53 or are you using the implied rules?  If you are using the implied rules you will need to turn on implied rule logging before you will be able to see if it is being dropped.

Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services



-----Original Message-----
From: "Blais, Stéphane" [mailto:[email protected]]
Sent: Thursday, November 06, 2003 11:40 AM
To: [email protected]
Subject: [FW-1] my DNS requests times out

Hi all, DNS requests are not coming back through my firewall!

Setup:
Internal dns for local lookups
external dns for internet lookups (provided by our ISP).
Nokia IP120 with FW-1 NG FP3.

Problem:
-DNS requests to the external DNS time out.
-The fw log shows: from MyWorkStation  to  ExternalDNS using "Domain UDP"
service "Accept"
 (so the requests are going out)
-I do not get any dropped or accepted return packets in the log.
 (as if the dns external server never sends a reply)

What I have tried:
-Tested the external dns from outside the firewall, it works! (using
nslookup)
-Tested the external dns from the firewall. (telnetting in and using
nslookup) It works!
-In global Properties I have checked:
    -FireWall-1
        -Accept domain name over udp (queries)
        -Log Implied Rules
    -Stateful Inspection
        -Log on drop (for the drop out of state udp packets)

DNS still times out. :-(

If anyone has something I could try, I would appreciate it.
Thanks

Stéphane Blais

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
   All contents © 2004 Network Presence, LLC. All rights reserved.