Educause Security Discussion mailing list archives

Re: Palo Alto firewalls and DNS delays

From: Dennis Bohn <bohn () ADELPHI EDU>
Date: Wed, 13 Mar 2013 08:49:39 -0400

+1 for list even tho we are not currently using PA.
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327


On Wed, Mar 13, 2013 at 8:46 AM, Alan Nord <anord () macalester edu> wrote:

+1 for the mailing list.

I see 5.0.3 has been released.  I can't see 4.x code as I have a 3000
series.  Lots of bug fixes but nothing specifically for your issue that I
can find.


On Tue, Mar 12, 2013 at 11:08 AM, Myers, Rick <rick.myers () txstate edu>wrote:

Another +1 for a PA user list

Rick Myers
Information Security Analyst
VP for Information Technology
Texas State University-San Marcos


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julian Y Koh
Sent: Tuesday, March 12, 2013 7:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Palo Alto firewalls and DNS delays

[Side Note: Anyone want to start up a mailing list for PA users, like the
one that Stanford runs for PacketShaper users and the one run by UNC for
TippingPoint users?]

For those people running PA firewalls, has anyone seen an issue where DNS
queries get delayed through the box by anywhere from 1-5 seconds?  We've
got a case open with PA, but I thought we'd just cast a quick line out here
to see if we caught anything on it.

My gut feeling is that somehow the box is trying to do some reputation or
botnet C&C lookup, but supposedly that was turned off during testing with
no change in behavior.

We're running 5060s with 4.1.11 software.

Thanks in advance!


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public Key:<
http://bt.ittns.northwestern.edu/julian/pgppubkey.html>




--
Alan Nord, CCNA
Network Administrator
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105

Current thread:

Palo Alto firewalls and DNS delays Julian Y Koh (Mar 12)
- Re: Palo Alto firewalls and DNS delays Walter Petruska (Mar 12)
- Re: Palo Alto firewalls and DNS delays Barros, Jacob (Mar 12)
- Re: Palo Alto firewalls and DNS delays Myers, Rick (Mar 12)
  - Re: Palo Alto firewalls and DNS delays Alan Nord (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Dennis Bohn (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Kevin Wilcox (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Ken Connelly (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Ken Connelly (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Julian Y Koh (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Ken Connelly (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Valdis Kletnieks (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Tim Doty (Mar 13)
    - Re: Palo Alto firewalls and DNS delays Roger A Safian (Mar 13)
- Re: Palo Alto firewalls and DNS delays Nathaniel Hall (Mar 13)