JL,

In your policy properties, the Accept DN over UDP and
TCP are disabled by default. Either you have checked
only the Accept DN over UDP, or you have placed a rule
to allow only queries (DN over UDP) and disallowed
the Accept DN over TCP. You should notice that the
rules that drop/allow the packets are different. If the
'domain-udp' is from rule 0 (zero), then it's from the
policy properties.

Are you allowing zone transfers from outside? Unless you
have a need for this, you can continue to allow the
DN over TCP (domain service) to be dropped. As you pointed
out, these are coming from someone outside of your site,
which means the firewall is doing what you paid the
big [add your currency here] for.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> J L <[EMAIL PROTECTED]> 11/14/00 5:23:18 AM >>>
>
>I'm seeing something very strange in my firewall logs.
>
>It's about a DNS behind a FW-1 4.1 SP1. Without
>changing any rule, when the DNS server asks another
>DNS outside my network, sometimes the FW accepts it,
>sometimes drops it.
>
>When accepting, the log shows 'domain-udp' in the
>'service' column. When dropping it, it shows 'domain'
>service. Both rules have 'long' track enabled.
>
>It happens in blocks, I mean, there are, for example,
>20 lines accepted, then another 15 dropped, and so on.
>
>Can anyone help me?
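To make the distinction Robert describes concrete (UDP/53 reported as 'domain-udp' and accepted by rule 0, the implied rule from Policy Properties, versus TCP/53 reported as 'domain' and dropped by an explicit rule), here is a small triage script. It is an added example written for this page, not code from either poster or from Check Point. The log layout it parses is a constructed, simplified semicolon-delimited approximation of an `fw logexport` style record (field names, addresses, and the rule number 7 are assumptions chosen for the sample); adapt `parse_log` to the real export before running it on a production log.

```python
"""Triage DNS accept/drop decisions in FW-1 style log records.

The record layout below (num;date;time;action;proto;src;dst;service;s_port;rule)
is an ASSUMED, simplified approximation of a semicolon-delimited log export;
it is not the exact FW-1 4.1 format. Addresses and rule numbers are constructed.
"""
from collections import Counter
from itertools import groupby

# Constructed sample. 192.0.2.53 is the inside DNS server; 198.51.100.0/24
# stands in for outside name servers. Rule 0 = implied rule from Policy
# Properties (assumption for the sample: the explicit drop rule is rule 7).
SAMPLE_LOG = """\
num;date;time;action;proto;src;dst;service;s_port;rule
1;14Nov2000;5:10:01;accept;udp;192.0.2.53;198.51.100.10;domain-udp;1043;0
2;14Nov2000;5:10:01;accept;udp;192.0.2.53;198.51.100.10;domain-udp;1044;0
3;14Nov2000;5:10:02;accept;udp;192.0.2.53;198.51.100.20;domain-udp;1045;0
4;14Nov2000;5:10:02;drop;tcp;192.0.2.53;198.51.100.10;domain;1046;7
5;14Nov2000;5:10:03;drop;tcp;192.0.2.53;198.51.100.10;domain;1047;7
6;14Nov2000;5:10:05;drop;tcp;198.51.100.77;192.0.2.53;domain;2381;7
7;14Nov2000;5:10:06;accept;udp;192.0.2.53;198.51.100.30;domain-udp;1048;0
8;14Nov2000;5:10:06;accept;udp;192.0.2.53;198.51.100.30;domain-udp;1049;0
9;14Nov2000;5:10:07;drop;tcp;198.51.100.77;192.0.2.53;domain;2382;7
"""

INTERNAL_PREFIXES = ("192.0.2.",)  # assumed inside address space for the sample


def parse_log(text):
    """Parse a header-led, semicolon-delimited export into a list of dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split(";")
    return [dict(zip(header, ln.split(";"))) for ln in lines[1:]]


def summarise(records):
    """Count decisions by (service, proto, action, rule) so that implied-rule
    matches (rule 0) and explicit-rule matches show up as separate keys."""
    return Counter((r["service"], r["proto"], r["action"], r["rule"]) for r in records)


def runs(records):
    """Collapse consecutive identical actions into (action, length) blocks:
    the 'N accepted, then M dropped' pattern from the original report."""
    return [(action, len(list(grp)))
            for action, grp in groupby(records, key=lambda r: r["action"])]


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIXES)


def dns_tcp_from_outside(records):
    """Sources outside the site that opened TCP/53 ('domain') connections,
    i.e. the candidates for zone-transfer attempts."""
    return sorted({r["src"] for r in records
                   if r["service"] == "domain" and r["proto"] == "tcp"
                   and not is_internal(r["src"])})


def diagnose(records):
    """Separate UDP accepts by the implied rule from TCP drops by explicit rules."""
    udp_implied = sum(1 for r in records
                      if r["service"] == "domain-udp" and r["action"] == "accept"
                      and r["rule"] == "0")
    tcp_dropped = [r for r in records
                   if r["service"] == "domain" and r["action"] == "drop"]
    return {
        "udp_accepted_by_implied_rule": udp_implied,
        "tcp_dropped": len(tcp_dropped),
        "tcp_drop_rules": sorted({r["rule"] for r in tcp_dropped}),
        "tcp_from_outside": dns_tcp_from_outside(records),
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in sorted(summarise(recs).items()):
        print(f"{key}: {n}")
    print("blocks:", runs(recs))
    print(diagnose(recs))
```

If `tcp_drop_rules` contains anything other than "0", the drops come from an explicit rule in the rule base rather than from Policy Properties, which is the check Robert asks for; `tcp_from_outside` lists the peers to look at before deciding whether any of them legitimately needs TCP/53 (zone transfers or answers too large for UDP).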




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================