It's a commercial of my own ;-)

But I use DJB's dnscache with some configuration wrappers that allow me to
control it in a unified way. Actually, the syntax is inherited from good old
fwtk; something like:

dnsctl: instances dnscache-lo dnscache-int
dnscache-lo: bind
dnscache-lo: default-servers some.where.outside
dnscache-lo: zone -servers some.where.inside
dnscache-lo: zone 10.IN-ADDR.ARPA -servers some.where.inside
dnscache-lo: permit-hosts
dnscache-int: bind

Unfortunately, the license for DJB tools is quite restrictive, so I cannot
do much anomaly detection beyond what is available out of the box.

It does handle AAAA records ok, at least.

On Wed, Aug 30, 2006 at 03:01:00PM -0400, Dave Piscitello wrote:
> Is this a commercial firewall or roll your own? If commercial which one?
> Does your proxy do protocol anomaly detection? If yes, does it recognize
> AAAA resource records or does it treat them as "out of compliance"?
> ArkanoiD wrote:
> >nuqneH,
> >
> >Well, mine does cache/proxy so there is no packet size restriction
> >per se..
> >
> >On Tue, Aug 29, 2006 at 03:13:34PM -0400, Dave Piscitello wrote:
> >>Hi all,
> >>
> >>I am trying to understand how different firewalls behave when they
> >>receive a UDP datagram containing a DNS message that uses EDNS0 (RFC
> >>2671) to support message sizes greater than the 512 maximum specified in
> >>RFC 1035 (original DNS).
> >>
> >>Specifically,
> >>
> >>- does your firewall block/silently discard such messages by default?
> >>- do you know the command to allow the message if blocked by default?
> >>
> >>I've found dozens of claims that firewalls don't handle EDNS0 correctly,
> >>but after a long search, I've only found URLs indicating that Firewall-1
> >>and Pix block by default and have workarounds.
> >>
> >>I'm curious whether SonicWall, Netscreen, Symantec, etc. behave
> >>similarly. I'd also be curious to learn the behavior of IPS devices and
> >>DNS proxies (Watchguard, WinProxy, etc).


firewall-wizards mailing list
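The thread above asks two things of a firewall or DNS proxy: whether it passes a UDP query carrying an EDNS0 OPT pseudo-RR (RFC 2671) that advertises more than the 512-byte RFC 1035 payload, and whether it treats AAAA records as valid. The following script is an added example, not code from the original post or from dnscache; it builds such a query with only the Python standard library, parses a reply for the OPT record and any AAAA answers, and can optionally send the probe. The reply bytes in sample_response() are constructed here, not captured traffic, and the resolver address passed to send_probe() is whatever you are testing through the firewall.

```python
"""EDNS0 probe: craft a DNS query with an OPT RR advertising a large UDP
payload, then inspect the reply for OPT survival, truncation and AAAA data.
Added example; not from the original post. Standard library only."""
import ipaddress
import socket
import struct

TYPE_AAAA, TYPE_OPT = 28, 41
CLASS_IN = 1


def encode_name(name):
    """Encode 'www.example.com' as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_AAAA, txid=0x1234, udp_payload=4096):
    """One question plus an OPT RR in the additional section.
    OPT layout (RFC 2671 s4): root name, TYPE=41, CLASS=UDP payload size,
    TTL=extended RCODE/version/flags, RDLENGTH=0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)
    return header + question + opt


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 s4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end


def parse_response(msg):
    """Summarise a DNS message: TC bit, RCODE, OPT payload size (None if the
    OPT RR is missing, e.g. stripped by a proxy) and decoded AAAA answers."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    result = {"txid": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0xF,
              "opt_payload": None, "aaaa": [], "other_types": []}
    for _ in range(an + ns + ar):
        _, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_OPT:
            result["opt_payload"] = rclass  # CLASS field carries the UDP size
        elif rtype == TYPE_AAAA and rdlen == 16:
            result["aaaa"].append(str(ipaddress.IPv6Address(rdata)))
        else:
            result["other_types"].append(rtype)
    return result


def sample_response():
    """Constructed reply (not captured): one AAAA answer for the queried name
    plus an OPT RR advertising 4096 bytes, as an EDNS0-aware resolver sends."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR, RD, RA
    question = encode_name("www.example.com") + struct.pack("!HH", TYPE_AAAA, CLASS_IN)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_AAAA, CLASS_IN, 300, 16)
              + ipaddress.IPv6Address("2001:db8::1").packed)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0)
    return header + question + answer + opt


def send_probe(server, name="www.example.com", udp_payload=4096, timeout=3.0):
    """Send the EDNS0 query over UDP/53 and parse the reply. A device that
    silently drops EDNS0 shows up as socket.timeout; one that strips the OPT
    RR yields opt_payload=None; one that truncates yields tc=True."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, udp_payload=udp_payload), (server, 53))
        data, _ = sock.recvfrom(udp_payload)
    finally:
        sock.close()
    return parse_response(data)


if __name__ == "__main__":
    print(parse_response(sample_response()))
```

Run send_probe("192.0.2.53") (an address from the documentation range, standing in for the resolver behind the firewall under test) twice, once with udp_payload=4096 and once with a plain query, and compare: a timeout only on the EDNS0 variant points at the device dropping OPT-bearing datagrams, while a reply with opt_payload set and tc=False means the path carried EDNS0 intact.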