Re: [fw-wiz] How does your firewall handle DNS messages > 512 octets?



Is this a commercial firewall or roll your own? If commercial which one?

Does your proxy do protocol anomaly detection? If yes, does it recognize AAAA resource records or does it treat them as "out of compliance"?

ArkanoiD wrote:
nuqneH,

Well, mine does cache/proxy so there is no packet size restriction per se..

On Tue, Aug 29, 2006 at 03:13:34PM -0400, Dave Piscitello wrote:
Hi all,

I am trying to understand how different firewalls behave when they receive a UDP datagram containing a DNS message that uses EDNS0 (RFC 2671) to support message sizes greater than the 512 maximum specified in RFC 1035 (original DNS).

Specifically,

- does your firewall block/silently discard such messages by default?
- do you know the command to allow the message if blocked by default?

I've found dozens of claims that firewalls don't handle EDNS0 correctly, but after a long search, I've only found URLs indicating that Firewall-1 and Pix block by default and have workarounds.

I'm curious whether SonicWall, Netscreen, Symantec, etc. behave similarly. I'd also be curious to learn the behavior of IPS devices and DNS proxies (Watchguard, WinProxy, etc).



begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards