It would mean that they run something older than 10.2 JunOS, that is a prehistoric release, which would be criminal in term of security. Anyway, putting stateful firewalls in front of DNS servers is a nonsense from the beginning.
> Le 25 janv. 2019 à 13:06, Christian Scholz <c...@ip4.de> a écrit : > > What they told you sounds like bullshit to me. From 10.2 on there are no > special settings required. Maybe they don’t know how to do it? > > So I guess they are just very lazy or don’t know better and blame the > firewall... I pray for you that they don’t run Code below 10.2... > > https://kb.juniper.net/InfoCenter/index?page=content&id=KB23569&cat=SRX_5600_1&actp=LIST > > > Am 25.01.2019 um 12:53 schrieb sth...@nethelp.no: > >>> When doing some investigation for the upcoming DNS Flag Day >>> (https://dnsflagday.net: February 1st 2019) I got some bad news from one of >>> the service providers: they use Juniper SRX firewalls, and claim that they >>> can't properly support EDNS because of a bug in their SRX firewalls. This >>> seems outrageous to me. Is this just because they haven't upgraded their >>> JunOS for years, they're running ancient DNS server software, or is there >>> really a problem? >> >> See >> >> https://mailman.nanog.org/pipermail/nanog/2019-January/099180.html >> >> "Juniper and Checkpoint have newer code that doesn't do this." _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp