Hi Melchior,
> Thanks for pointing this out. Please have a look at
> https://prsearch.juniper.net/InfoCenter/index?page=prcontent=PR1379433 and
> let me know your ideas.
Yep, that sounds exactly like what's happening!
"Resolved In 15.1X49-D160 17.4R3 18.1R3 18.2R2 18.3R1 18.4R1" sounds
-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Havard Eidnes
Sent: 25 January 2019 12:42
To: c...@ip4.de
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] DNS Flag Day
> What they told you sounds like bullshit to me. From 10.2 on there are
> no special se
> What they told you sounds like bullshit to me. From 10.2 on
> there are no special settings required. Maybe they don't know
> how to do it?
>
> So I guess they are just very lazy or don't know better and
> blame the firewall... I pray for you that they don't run Code
> below 10.2...
>
>
It would mean that they run something older than 10.2 JunOS, that is a
prehistoric release, which would be criminal in term of security.
Anyway, putting stateful firewalls in front of DNS servers is a nonsense from
the beginning.
> Le 25 janv. 2019 à 13:06, Christian Scholz a écrit :
>
> What
What they told you sounds like bullshit to me. From 10.2 on there are no
special settings required. Maybe they don’t know how to do it?
So I guess they are just very lazy or don’t know better and blame the
firewall... I pray for you that they don’t run Code below 10.2...
> When doing some investigation for the upcoming DNS Flag Day
> (https://dnsflagday.net: February 1st 2019) I got some bad news from one of
> the service providers: they use Juniper SRX firewalls, and claim that they
> can't properly support EDNS because of a bug in their SRX firewalls. This
>
Hi,
When doing some investigation for the upcoming DNS Flag Day
(https://dnsflagday.net: February 1st 2019) I got some bad news from one of the
service providers: they use Juniper SRX firewalls, and claim that they can't
properly support EDNS because of a bug in their SRX firewalls. This seems
7 matches
Mail list logo
