What is incorrect ! AFAIK 53/TCP is used for zone transfers please correct me if i am wrong. ???Dear Don please refer to RFC 1035
Sadir Don wrote: >>53-TCP is used for zone transfer should be secured 53-UDP can be open to >>all. TIP. >> > This is not correct. Please read my post below. > > -Don > > >>>>>After all the IPSO upgrades and service pack upgrades for our >>>>>Nokia/Checkpoint 4.1 SP5a solution, we started seeing some random >>>>>results with our DNS servers. Sometimes, it would fail on the first >>>>>lookup - but after that it would be ok... my question is simple... for >>>>>the last several years we've had the simple 2 rules for our DNS Servers: >>>>> >>>>>1. Any (Source) DNSServers(Destination) DNS-53(Port) >>>>>2. DNSServers (Source) Any (Source) DNS-53 (port) >>>>> >>>>>The question is simple...are we missing something obvious??? Our DNS >>>>>servers are Windows 2000. >>>>> >>>>> >>>>When you say DNS-53, do you mean UDP or TCP? You need to allow both in >>>>order for DNS to function properly. Most DNS requests use UDP port 53, >>>>however larger requests use TCP port 53. It may be these larger requests >>>>that are failing. >>>> >>>>-Don >>>> > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
