https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187532#M34595 <P>How does your version/JHF compare to that listed in the previous similar threads?</P> <P>I see two SR's with similar symptoms but the cause was undetermined in each.</P> Tue, 25 Jul 2023 14:22:02 GMT Chris_Atkinson 2023-07-25T14:22:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187486#M34593 <P>Hello,</P><P>&nbsp;</P><P>We pointing DNS IP address for our VPN Pool IP to internal windows DNS server. When i check log on the windows dns server i got many warning 'The DNS server received a bad TCP-based DNS message from 10.103.254.6. The packet was rejected or ignored. The event data contains the DNS packet.'</P><P>IP 10.103.254.6 is our checkpoint.</P><DIV class="">&nbsp;</DIV><P>&nbsp;</P> Tue, 25 Jul 2023 12:11:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187486#M34593 handiansudianto 2023-07-25T12:11:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187522#M34594 <P>Has also been dicussed her without a solution: <A href="https://community.checkpoint.com/t5/General-Topics/Internal-DNS-was-flooded-by-bad-TCP-based-DNS-from-Check-Point/m-p/178083#M29652" target="_blank" rel="noopener"><SPAN>Internal <STRONG>DNS</STRONG> was flooded by <STRONG>bad</STRONG> <STRONG>TCP-based</STRONG> <STRONG>DNS</STRONG> from Check Point</SPAN></A></P> Tue, 25 Jul 2023 13:37:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187522#M34594 G_W_Albrecht 2023-07-25T13:37:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187532#M34595 <P>How does your version/JHF compare to that listed in the previous similar threads?</P> <P>I see two SR's with similar symptoms but the cause was undetermined in each.</P> Tue, 25 Jul 2023 14:22:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187532#M34595 Chris_Atkinson 2023-07-25T14:22:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187535#M34596 <P>I would contact TAC about this, honestly. I checked support site and literally only things that show up are community posts and specifically one that&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21294">@G_W_Albrecht</a>&nbsp;pointed to.</P> <P>Andy</P> Tue, 25 Jul 2023 14:03:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187535#M34596 the_rock 2023-07-25T14:03:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187615#M34598 <P>i using version 81.10 with JHF 87</P> Wed, 26 Jul 2023 01:13:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187615#M34598 handiansudianto 2023-07-26T01:13:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187616#M34599 <P>on the sk 133313 there are 2 solution :</P><P>1. disable '<SPAN>Log implied rules', i check this already&nbsp;disabled.</SPAN></P><P><SPAN>2. Change&nbsp;<EM>rad_kernel_domain_cache_refresh_interval</EM>&nbsp; and&nbsp;<EM>rad_kernel_domain_cache_ip_success_lookup_timeout.&nbsp;</EM>What value is recommended&nbsp;for both parameters?</SPAN></P><P>&nbsp;</P> Wed, 26 Jul 2023 01:16:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-bad-TCP/m-p/187616#M34599 handiansudianto 2023-07-26T01:16:50Z