[fw-wiz] PIX 6.33 & DNS fixup

From: Strydom, Willie (WStrydom_at_fnb.co.za)
Date: 09/29/03

Next message: Roger Marquis: "[fw-wiz] Re: @Stake CTO fired for Microsoft comments"

Previous message: Francesco Trentini - Uff. EDP: "R: [fw-wiz] IPSEC over load-shared T1s (per packet)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Mon, 29 Sep 2003 15:14:05 +0200

Hi All,

I see the PIX 6.33 has a DNS fixup, my conn count has gone through the roof!
mostly DNS traffic... Wonder if there is a connection...

I'm thinking that the "fixup protocol dns maximum-length 512" maybe leaves
the conn open for longer, so naturally there will be more conns.

Can anyone agree/disagree/explain?

Willie Strydom

Network Engineer (Security)
CCNA, CCSP, INFOSEC Professional
(Cisco Number csco10315544)
First National Bank
+27 11 889 5543

"Sure, I love children,
but I could never eat a whole one."

___________________________________________________________________________________________________

The views expressed in this email are, unless otherwise stated, those of the author and not those
of the FirstRand Banking Group or its management. The information in this e-mail is confidential
and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data
transmitted electronically and to preserve the confidentiality thereof, no liability or
responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted
or does not reach its intended destination.

________________________________
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Roger Marquis: "[fw-wiz] Re: @Stake CTO fired for Microsoft comments"

Previous message: Francesco Trentini - Uff. EDP: "R: [fw-wiz] IPSEC over load-shared T1s (per packet)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [fw-wiz] PIX 6.33 & DNS fixup
... >I see the PIX 6.33 has a DNS fixup, my conn count has gone through the roof! ... fixup was hardcoded and broke edns, win2k3 uses edns by default so the ...
(Firewall-Wizards)
Re: Fixup protocol
... and the other having to do with rewriting DNS responses. ... If you are using PIX 6.2 or PIX 6.3, then using the 'alias' command ... you might still need to disable the dns fixup for that case. ...
(comp.dcom.sys.cisco)
Re: [fw-wiz] PIX 6.33 & DNS fixup
... What it does is make sure that only one DNS response per DNS request ... The "maximum length" argument is important if your PIX is protecting client ... >I see the PIX 6.33 has a DNS fixup, my conn count has gone through the roof! ...
(Firewall-Wizards)