On Wed, Jan 21, 2004 at 06:36:38PM +0100, Lars Troen wrote:
> EDNS0 allows dns packets >512 bytes. A workaround is discussed here: > http://lists.virus.org/fw1-0305/msg00433.html Found a better solution to this EDNS0 problem ... This is from the Nokia database and I've verified it resolves the problem on NG-AI on an IP530. How to resolve the error: "badly formed dns" Solution ID: sk22170 Help with the solution Creation Date: 08/28/2003 Email this solution Revised Date: 12/01/2003 Rate this solution Preferred Product: FireWall-1 Latest Version: ngcompatibility Category: DNS The information in this article applies to: FireWall-1 NG Solaris SmartDefense Domain-udp Solution To allow this to work, enter the following command: fw ctl set int allow_dnssec_bit 1 To make the change permenant, add the command to fwstart script, or add an entry like "set fw:allow_dnssec_bit=1" to /etc/system and reboot the machine > > Lars > > -----Original Message----- > From: ckpt [mailto:[EMAIL PROTECTED] > Sent: 21. januar 2004 05:01 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Possible DNS protocol BUG in FW-1 NG FP3 > > On Tue, Oct 21, 2003 at 07:04:51AM +0200, Lars Troen wrote: > > Jose, > > If your dns servers are using EDNS0 (bind 9.2, w2k3dns) then yes, this > > is a known issue that has been discussed here before. > > Can you elaborate please ? I missed the earlier discussion. > I just caught the error myself sniffing DNS - is there > a solution or workaround ? > > alan > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
