We have installed Bind 9.3.1 on a Fedora Core 4 machine inside a FW-1 R54. 
When trying to do a DNS lookup for a host on the internet, the firewall log 
is filled with a lot of rejected messages:

Attack info: Badly formed DNS
Attack info: Illegal resource record format (request)

Only one of 40-50 requests from the DNS server is accepted and the DNS server 
was not able to resolve any external names.
I can bypass this problem by defining my own TCP and UDP services for port 53. 
Seems like SmartDefense is not that up to date about the DNS protocol.

Will it be a security risk by doing this? Other solutions?

The old DNS server was running Bind 8.2.3 and had none of these problems.

-- 
Jørn Dahl-Stamnes
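The two log messages above come from the firewall's DNS protocol inspection, which parses each query's header, question and resource-record sections and drops anything it cannot account for. The Python example below is added here as an illustration; it is not part of the original post and not Check Point's or ISC's code. It builds a minimal DNS query in wire format, parses it back, and runs it through a toy inspector that produces the two verdicts seen in the log. The assumption, not confirmed by the post, is that one difference between BIND 8 and BIND 9 queries is the EDNS0 OPT pseudo-record (type 41) that BIND 9 appends in the additional section: an inspector that only knows the classic RR types reports an illegal resource record on such a packet, while an EDNS-aware inspector accepts it. A plain TCP/UDP port-53 service, as described in the post, passes both packets but also skips this parsing entirely, which is the trade-off being weighed.

```python
import struct

# Constructed table of RR types a strict, pre-EDNS inspector might know (assumption).
KNOWN_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
TYPE_OPT = 41   # EDNS0 OPT pseudo-RR (RFC 2671 / RFC 6891)
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, edns=False, udp_payload=4096):
    """Build a recursive A query; optionally append an EDNS0 OPT record."""
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD bit set
    msg = header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    if edns:
        # OPT RR: root name, type 41, "class" field = requester UDP payload size,
        # "TTL" field = extended RCODE/version/flags (all zero), empty RDATA.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)
    return msg


def decode_name(msg, off):
    """Decode a wire-format name starting at off; returns (name, next_offset)."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer: follow it, then stop
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(decode_name(msg, ptr)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln


def parse_message(msg):
    """Parse header, question and all RR sections; raise on malformed input."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    questions, records = [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        records.append((name, rtype, rclass, ttl, rdata))
    if off != len(msg):
        raise ValueError("trailing bytes after last section")
    return {"id": txid, "flags": flags, "questions": questions, "records": records}


def inspect(msg, edns_aware):
    """Toy protocol inspector; returns (verdict, reason) like the firewall log lines."""
    try:
        parsed = parse_message(msg)
    except (ValueError, struct.error, IndexError, UnicodeDecodeError):
        return ("reject", "Badly formed DNS")
    for name, rtype, rclass, _ttl, _rdata in parsed["records"]:
        if rtype == TYPE_OPT:
            # An EDNS-aware inspector accepts a well-formed OPT RR (root owner name);
            # a pre-EDNS one has no idea what type 41 is and rejects the record.
            if not edns_aware or name != "":
                return ("reject", "Illegal resource record format")
            continue
        if rtype not in KNOWN_TYPES or rclass != CLASS_IN:
            return ("reject", "Illegal resource record format")
    return ("accept", "ok")


if __name__ == "__main__":
    plain = build_query("www.example.com")             # BIND 8 style query
    with_opt = build_query("www.example.com", edns=True)  # BIND 9 style query
    for label, pkt in (("plain", plain), ("edns0", with_opt)):
        print(label, "strict:", inspect(pkt, False), "edns-aware:", inspect(pkt, True))
```

Running the block prints the plain query accepted by both inspectors and the EDNS0 query rejected only by the strict one; truncating either packet produces the "Badly formed DNS" verdict instead. The practical point for the question asked is that the custom port-53 service removes both checks rather than only the one that misfires, so the firewall then passes any payload on that port to the resolver.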
