Samuel Shiflett

DNS Flag Day and Check Point

Discussion created by Samuel Shiflett Employee on Jan 25, 2019
Latest reply on Jan 28, 2019 by Dameon Welch-Abernathy

You may have heard about DNS flag day (2019 | DNS flag day) and are now asking yourself how this will impact your environment. A number of DNS providers "have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services, on or around February 1st 2019. This change will affect only sites operating non-compliant software." This primarily impacts authoritative DNS servers. As a result of these changes, you may see your Check Point gateway running IPS drop certain traffic due to Non Compliant DNS.

 

Gateways running R77.30 JHF 345 and above (including R80.10 and R80.20) are not impacted. If you're running a lower version and cannot upgrade, then you will need to set the IPS protection "Non Compliant DNS" to detect. For further information, please see sk112578 or reach out to your local SE.
