handiansudianto
Advisor

DNS used on Checkpoint

Hello,

On Gaia on my 5800 series, DNS is set to a public DNS server, but why does our internal DNS receive many bad TCP queries from the Check Point?

0 Kudos
5 Replies
emmap
Employee

Are you trying to use the 5800 as a DNS server/relay? If so, this is not a supported configuration; a Quantum Check Point gateway will not act as a DNS resolver. Only the Spark series has this capability.

handiansudianto
Advisor

No, the 5800 is not used as a DNS server or DNS relay. I am just curious why the 5800 looks up hosts using the internal DNS server even though on Gaia the DNS server is set to the public DNS server.

0 Kudos
Lesley
Leader

I suspect internal DNS is used in the config; it could be the Gaia config or SmartConsole.

For example, DNS traps for the Threat Prevention blade, etc.

Or did you change the DNS servers in Gaia and never reboot the gateway?

Or maybe internal DNS is configured as the secondary or third DNS. That is what most people do.

First DNS public, second/third internal, or the other way around.

handiansudianto
Advisor

On Gaia the DNS is set to a public DNS server. In SmartConsole I can see only Mobile Access - Name Resolution set to the internal DNS server, and I believe this is used when any client connects to the 5800 VPN.

If I debug on the internal DNS server I get this:

27/10/2023 07.26.26 19EC PACKET 0000021258539920 UDP Rcv 10.103.254.6 20cb Q [0001 D NOERROR] A (3)www(18)northeurope1-pushp(3)svc(2)ms(0)

27/10/2023 07.26.26 19EC PACKET 0000021258539920 UDP Snd 10.103.254.6 20cb R Q [8081 DR NOERROR] A (3)www(18)northeurope1-pushp(3)svc(2)ms(0)

27/10/2023 07.26.26 19FC PACKET 0000021258CDCD90 UDP Rcv 10.103.254.6 2390 Q [0001 D NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)

27/10/2023 07.26.26 19EC PACKET 00000212554C9D50 UDP Rcv 10.103.254.6 2390 Q [0001 D NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)

27/10/2023 07.26.26 19FC PACKET 0000021258CDCD90 UDP Snd 10.103.254.6 2390 R Q [8081 DR NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)

I believe the 5800 tries to query domain hosts or updatable objects against the internal DNS server. If this is true, where can I set updatable objects to query using the public DNS server?

0 Kudos
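
An added example, not part of the original post and not Check Point or Microsoft tooling: a small Python parser for DNS server debug lines in the format quoted above, which tallies what one client (here the gateway address from the log) is asking for, split by transport so TCP and UDP queries can be told apart. The field layout is inferred from the quoted lines, and the names `decode_qname` and `summarize` are made up for this sketch.

```python
import re
from collections import Counter

# Field layout inferred from the log lines quoted in the post (assumption):
# date time thread PACKET id proto Snd/Rcv remote-ip xid [R] opcode [flags rcode] qtype qname
LINE = re.compile(
    r"^\S+\s+\S+\s+[0-9A-Fa-f]+\s+PACKET\s+[0-9A-Fa-f]+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+(?P<xid>[0-9a-f]{4})\s+"
    r"(?P<resp>R\s+)?\S\s+\[[0-9a-f]{4}[^\]]*?(?P<rcode>[A-Z]+)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(\S+)$"
)
LABEL = re.compile(r"\((\d+)\)([^()]*)")

def decode_qname(raw):
    """Turn '(3)www(2)ms(0)' into 'www.ms', checking each length prefix."""
    labels = []
    for length, text in LABEL.findall(raw):
        if int(length) != len(text):
            raise ValueError(f"label length mismatch in {raw!r}")
        if text:  # the trailing (0) root label is empty
            labels.append(text)
    return ".".join(labels)

def summarize(lines, client_ip):
    """Count queries received from client_ip, keyed by (proto, qtype, name)."""
    seen = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        # Keep only inbound queries: skip unparsed lines, sends, and responses.
        if not m or m["dir"] != "Rcv" or m["resp"] or m["ip"] != client_ip:
            continue
        seen[(m["proto"], m["qtype"], decode_qname(m["qname"]))] += 1
    return seen

# The five lines quoted in the post above, used as sample input.
SAMPLE = """\
27/10/2023 07.26.26 19EC PACKET 0000021258539920 UDP Rcv 10.103.254.6 20cb Q [0001 D NOERROR] A (3)www(18)northeurope1-pushp(3)svc(2)ms(0)
27/10/2023 07.26.26 19EC PACKET 0000021258539920 UDP Snd 10.103.254.6 20cb R Q [8081 DR NOERROR] A (3)www(18)northeurope1-pushp(3)svc(2)ms(0)
27/10/2023 07.26.26 19FC PACKET 0000021258CDCD90 UDP Rcv 10.103.254.6 2390 Q [0001 D NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)
27/10/2023 07.26.26 19EC PACKET 00000212554C9D50 UDP Rcv 10.103.254.6 2390 Q [0001 D NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)
27/10/2023 07.26.26 19FC PACKET 0000021258CDCD90 UDP Snd 10.103.254.6 2390 R Q [8081 DR NOERROR] A (3)www(21)southcentralus1-pushp(3)svc(2)ms(0)
"""

if __name__ == "__main__":
    for (proto, qtype, name), n in summarize(SAMPLE.splitlines(), "10.103.254.6").most_common():
        print(f"{n:3d} {proto} {qtype:5s} {name}")
```

Run over a full debug log, the resulting name list can be matched against the domains and objects referenced in the gateway's policy to narrow down which feature is resolving through the internal server.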
PhoneBoy
Admin

Version/JHF?
What does enabled_blades say?

0 Kudos
