Hi!

On Wed, Aug 30, 2006 at 03:01:00PM -0400, Dave Piscitello wrote:

> Does your proxy do protocol anomaly detection?


Well, mine does as much as BIND 9 does.

> If yes, does it recognize
> AAAA resource records or does it treat them as "out of compliance"?


$ dig www.kame.net AAAA
....
;; ANSWER SECTION:
www.kame.net. 1D IN AAAA 2001:200:0:8002:203:47ff:fea5:3085
....

Sidewinder G2. Uses BIND as a DNS forwarder. You can configure
an additional DNS proxy to forward requests to "outside" DNS
servers to the BIND on the firewall. Similar to an "absorb"
packet filter rule in Gauntlet.

Quick check:

$ dig www.kame.net AAAA @ns.karlsruhe.punkt.de
....
;; ANSWER SECTION:
www.kame.net. 23h57m39s IN AAAA 2001:200:0:8002:203:47ff:fea5:3085
....

Yes, works just the same.

Regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
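
Added example, not part of the original post and not Sidewinder or BIND code: a minimal answer-section check of the kind a DNS proxy doing protocol anomaly detection might apply, accepting AAAA (type 28) with a 16-byte RDATA instead of flagging it as out of compliance. The rule table, function names and the sample response are constructed for illustration; only the name and address come from the dig output above.

```python
import ipaddress
import struct

# Assumed rule set for illustration: RR type -> (mnemonic, required RDLENGTH)
KNOWN_TYPES = {1: ("A", 4), 28: ("AAAA", 16)}

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def check_answers(msg):
    """Return one (type, rdata text, verdict) tuple per answer record."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    results = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        name, want = KNOWN_TYPES.get(rtype, ("TYPE%d" % rtype, None))
        if rtype not in KNOWN_TYPES:
            results.append((name, rdata.hex(), "unknown type"))
        elif len(rdata) != want:
            results.append((name, rdata.hex(), "bad rdlength"))
        else:
            results.append((name, str(ipaddress.ip_address(rdata)), "ok"))
    return results

def build_response(qname, rtype, rdata):
    """Constructed sample: one question, one answer with a compression pointer."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", rtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 86400, len(rdata)) + rdata
    return header + question + answer

ADDR = ipaddress.IPv6Address("2001:200:0:8002:203:47ff:fea5:3085").packed
print(check_answers(build_response("www.kame.net", 28, ADDR)))
```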