RE: When does BIND send queries with DO flag enabled?

2010-09-30 Thread Tony Finch
On Thu, 30 Sep 2010, Taylor, Gord wrote:
>
> The business partner has already fixed their firewall
> (allow_dnssec_bit=1 on CheckPoint)

Just in case anyone else is worried about interop problems, I note that allow_dnssec_bit=1 is the default setting. A CheckPoint firewall administrator has to deli

RE: When does BIND send queries with DO flag enabled?

2010-09-30 Thread Taylor, Gord
rd Cc: bind-us...@isc.org Subject: Re: When does BIND send queries with DO flag enabled?
> Can someone explain when BIND sets DO flag and when it won't? Most of
> my client workstations are XPSP3, and NONE of the queries coming from
> those clients have DO flag set.

The DO bit is p

Re: When does BIND send queries with DO flag enabled?

2010-09-29 Thread Evan Hunt
> Can someone explain when BIND sets DO flag and when it won't? Most of my
> client workstations are XPSP3, and NONE of the queries coming from those
> clients have DO flag set.

The DO bit is part of the EDNS option record, and some servers (and more to the point, some firewalls) are broken and do

Re: When does BIND send queries with DO flag enabled?

2010-09-29 Thread Kalman Feher
On 29/09/10 10:30 PM, "Kevin Oberman" wrote:
>> Date: Wed, 29 Sep 2010 15:51:55 -0400
>> From: "Taylor, Gord"
>> Sender: bind-users-bounces+oberman=es@lists.isc.org
>>
>>
>> We recently ran into an intermittent problem sending queries to a
>> business partner. Turns out they had CheckPo

Re: When does BIND send queries with DO flag enabled?

2010-09-29 Thread Kevin Oberman
> Date: Wed, 29 Sep 2010 15:51:55 -0400
> From: "Taylor, Gord"
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
>
> We recently ran into an intermittent problem sending queries to a
> business partner. Turns out they had CheckPoint firewalls with
> SmartDefense turned of for DNS traff

When does BIND send queries with DO flag enabled?

2010-09-29 Thread Taylor, Gord
We recently ran into an intermittent problem sending queries to a business partner. Turns out they had CheckPoint firewalls with SmartDefense turned of for DNS traffic. This was blocking traffic going to them with DO flag enabled. I could duplicate the problem from a command line by issuing "dig @