Dear All,

I just received the below mail from my ISP

-----------------
On May 5th 2010 domain name system (DNS) will switch over to a new, more secure protocol “DNSSEC”. DNSSEC adds digital signatures to normal DNS queries, substantially reducing the risk of attacks such as the Kaminsky exploit, which caused widespread panic in July 2008.

Here at FASTtelco we have taken all the necessary precautions on our DNS and security equipment. Therefore if you own any security equipment such as a PIX or an ASA please make the following changes at your end. Below is the configuration that needs to be changed on a Cisco PIX and a Cisco ASA series firewall:

ASA:

    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 4096
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map

PIX:

    fixup protocol dns maximum-length 4096
------------------

On further query with the ISP, I was told that if the firewall does not have the necessary changes we will not be able to browse.

Now I have our own Primary & Secondary DNS servers running and I use shorewall-4.0.14-1 as our firewall, and it's been working fine for the past 3 years or so. The name servers are

1) ns1.kmun.gov.kw
2) ns2.kmun.gov.kw

Now I would really appreciate it if someone could advise me and help me on the above issue. Do I need to make any change in our firewall or not? We do host our company websites, mail servers, etc. and the DNS servers are authoritative for these zones.

Waiting for your kind help. If any more information is required, please do let me know.

regards
simon

--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:
