Hi,

It really depends on what you want to do or implement for the DNS. The DNS guard on PIX is enabled by default and it cannot be disabled nor configured. It helps to prevent DoS attacks by tearing down the UDP conduit on the PIX firewall as soon as the DNS response is received, not waiting until the default UDP timer has expired, which is 2 minutes (almost an eternity in the computer world).

The other doctoring you can do on DNS is on CBAC (Context Based Access Control). Here you can alter the default DNS timeout, which is 5 seconds, by using:

#IP inspect dns-timeout

It simply specifies the length of time a DNS name lookup session will still be managed after no activity.

In case you need further help, feel free to ask specific questions.

Regards.
Oletu

----- Original Message -----
From: Dante Martins
To:
Sent: Saturday, January 26, 2002 4:58 PM
Subject: PIX % DNS Doctoring [7:33331]

> Does somebody know how to do DNS doctoring on PIX?
> I have the DNS on DMZ with static and the client workstations are on
> the inside interface.
> Dante

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33342&t=33331

