Firewall Wizards mailing list archives
Re: How does your firewall handle DNS messages > 512 octets?
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Fri, 1 Sep 2006 09:28:40 +0200
Hi!

On Wed, Aug 30, 2006 at 03:01:00PM -0400, Dave Piscitello wrote:
> Does your proxy do protocol anomaly detection?

Well, mine does as much as BIND 9 does.

> If yes, does it recognize AAAA resource records or does it treat them as "out of compliance"?

$ dig www.kame.net AAAA
...
;; ANSWER SECTION:
www.kame.net.           1D IN AAAA      2001:200:0:8002:203:47ff:fea5:3085
...

Sidewinder G2. Uses BIND as a DNS forwarder. You can configure an additional DNS proxy to forward requests to "outside" DNS servers to the BIND on the firewall. Similar to an "absorb" packet filter rule in Gauntlet.

Quick check:

$ dig www.kame.net AAAA @ns.karlsruhe.punkt.de
...
;; ANSWER SECTION:
www.kame.net.           23h57m39s IN AAAA 2001:200:0:8002:203:47ff:fea5:3085
...

Yes, works just the same.

Regards,
Patrick
-- 
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
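The thread's two questions (does the DNS path treat AAAA records as anomalous, and what happens to replies larger than the classic 512-octet UDP limit) can be checked offline with a small wire-format builder and parser. The following is an added example and not code from the post, Sidewinder or BIND; the AAAA address is the one from the dig output above, everything else (the helper names, the 0x1234 query id, the synthetic 40-answer reply) is constructed for illustration. The 512-octet figure is the RFC 1035 UDP limit; a reply that exceeds what the path allows must either carry an EDNS0 OPT record advertising a larger payload size or come back with the TC bit set so the resolver retries over TCP.

```python
"""Minimal DNS wire-format helpers (added example, not from the list post)."""
import struct
import ipaddress

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
              16: "TXT", 28: "AAAA", 41: "OPT"}
CLASSIC_UDP_LIMIT = 512   # RFC 1035 maximum UDP payload without EDNS0


def encode_name(name):
    """Encode a dotted name into DNS label wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers, edns_udp_size=None, tc=False):
    """Build a constructed DNS response carrying AAAA answers for qname.

    answers: list of (ttl, ipv6_string). If edns_udp_size is given, an OPT
    pseudo-record (EDNS0) advertising that UDP payload size is appended.
    """
    flags = 0x8180 | (0x0200 if tc else 0)        # QR=1, RD=1, RA=1 (+TC)
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, arcount)
    msg += encode_name(qname) + struct.pack("!HH", 28, 1)   # QTYPE AAAA, IN
    for ttl, addr in answers:
        rdata = ipaddress.IPv6Address(addr).packed
        # 0xC00C = compression pointer to the name at offset 12 (the question)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 28, 1, ttl, len(rdata)) + rdata
    if edns_udp_size:
        # OPT: root name, type 41; the "class" field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Parse header, question and all resource records of a DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                   # skip QTYPE + QCLASS
    records, udp_size = [], None
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 41:                            # OPT: class = UDP payload size
            udp_size = rclass
            continue
        value = str(ipaddress.IPv6Address(rdata)) if rtype == 28 else rdata.hex()
        records.append((name, TYPE_NAMES.get(rtype, f"TYPE{rtype}"), ttl, value))
    return {"tc": bool(flags & 0x0200), "edns_udp_size": udp_size,
            "size": len(msg), "records": records}


def classify(msg):
    """Say whether a classic (non-EDNS) UDP path would have mangled this reply."""
    info = parse_response(msg)
    if info["tc"]:
        return "truncated"                         # resolver must retry over TCP
    limit = info["edns_udp_size"] or CLASSIC_UDP_LIMIT
    if info["size"] > limit:
        return "oversized"                         # larger than the path allows
    return "ok"


if __name__ == "__main__":
    one = build_response("www.kame.net", [(86400, "2001:200:0:8002:203:47ff:fea5:3085")])
    print(parse_response(one)["records"], classify(one))
    many = build_response("www.kame.net", [(86400, "2001:200:0:8002:203:47ff:fea5:3085")] * 40)
    print(len(many), classify(many), classify(build_response("www.kame.net", [], edns_udp_size=4096)))
```

Feeding a captured reply from the firewall's forwarder into parse_response shows whether the AAAA record survived intact (type 28, 16-byte rdata) and whether the reply arrived under the limit the path actually allows; a "truncated" result with no TCP retry behind the proxy, or an "oversized" result on a path without EDNS0, is the failure the original question is after.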