.
Regards.
Oletu
- Original Message -
From: Dante Martins
To:
Sent: Tuesday, January 29, 2002 5:18 AM
Subject: RE: PIX % DNS Doctoring [7:1]
> I have a dns on inside using static (200.219.100.30 10.128.128.30) . The
> dns database is resolving names to valid IP's. The pro
Hi,
It really depends on what you want to do or implement for the DNS. The DNS
guard on PIX is enabled by default and it cannot be disabled not configured.
It help to prevent against DoS attacks by tearing down the UDP conduit on
the PIX firewall as soon as the DNS response is received not waitin
rver.
If that is your case, try looking up alias commands. Otherwise, it's all
enabled outbound unless access-list commands are enabled from inside -> DMZ.
- Original Message -
From: "Godswill HO"
To:
Sent: Saturday, January 26, 2002 9:43 PM
Subject: Re: PIX % DNS Doct
Godswill I believe he is asking about the alias command since that is
specifically used for DNS doctoring. But, if his clients are on the same
network as the DNS server it won't work. But, as you said, I'm not quite
sure what he is asking.
http://www.cisco.com/warp/public/110/alias.html
You ar
p policy 10 lifetime 3600
telnet 172.16.3.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
-Original Message-
From: Godswill HO [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 26, 2002 10:45 PM
To: Dante Martins; [EMAIL PROTECTED]
Subject: Re: PIX % DNS Doctoring [
Dante,
Try this document,
http://www.cisco.com/warp/public/110/alias.html
-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,ccna,ccda,scsa,scna,mct,mcse,mcp+i,mcp,cni,mcne,cne,cna
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556
"N
I have a dns on inside using static (200.219.100.30 10.128.128.30) . The dns
database is resolving names to valid IP's. The problem is the worktations
from inside can't access these servers using the valid IP's.I found some
docs on Cisco site about DNS Doctoring (
http://www.cisco.com/warp/public/
p policy 10 lifetime 3600
telnet 172.16.3.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
-Original Message-
From: Godswill HO [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 26, 2002 7:43 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX % DNS Doctoring [7:1]
Hi,
It r
Guys,
Thank you for your help. The problem has fixed. There was a router
filtering the DNS querys.(ip domain-lookup)
The DNS is on DMZ and I have created a alias to each server that was
using static.
Other problem is:
How can I telnet to PIX inside interface from the VPN (I.E. from
10.128.128
9 matches
Mail list logo
