This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2024-07-12 02:27 PM
Jump to solution

DNS question

Hey everyone,

Sorry if this may sound like a dumb/stupid/silly question (or all 3 together lol), but I had customer ask me something that no one ever asked me in all my years with CP. So, they wanted to know if Check Point has their own DNS servers like Fortinet does that customers could use? Im pretty sure the answer is no, as I had never seen or heard of any, but wanted to be 100% sure.

Below is what Im referring to on Fortigates.

Best and thanks as always for the help.

Andy

Screenshot_1.png

0 Kudos
2 Solutions

Accepted Solutions
the_rock
Legend
Legend
‎2024-07-13 06:32 AM
Jump to solution

As I suspected, the answer is no, SE also confirmed the same.

Andy

View solution in original post

0 Kudos
John-Haynes
Contributor
‎2024-07-15 07:49 AM
Jump to solution

Would love to see CP come out with a product like "Meta IP" again. 

 

As far as free DNS services that provide security, Quad9 is still the best.  Recently saw some C2 Beacons trying to be accessed.  Quad9 was the only provider already blocking the domains.

View solution in original post

(1)
12 Replies
the_rock
Legend
Legend
‎2024-07-13 06:32 AM
Jump to solution

As I suspected, the answer is no, SE also confirmed the same.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-14 09:13 AM
Jump to solution

Officially, no.
However, dnsmasq has been unofficially on Gaia OS for quite some time.
I even wrote something about it a decade ago (including how to use it): https://phoneboy.org/2014/09/02/fun-with-check-point-dynamic-ip-gateways-in-r77-dot-20-with-gaia/
In the R82 EA, I noticed it’s actually running.
Not sure what it is officially used for as I haven’t dug into it.

0 Kudos
the_rock
Legend
Legend
‎2024-07-14 09:20 AM
In response to PhoneBoy
Jump to solution

Funny you gave that link, as I was reading it before making the post and even customer told me about it 🙂

Will test in in R82 lab.

Andy

 

0 Kudos
the_rock
Legend
Legend
‎2024-07-15 07:19 AM
In response to PhoneBoy
Jump to solution

@PhoneBoy 

Ran the commands, but not working, definitely missing something brother...any idea? 🙂

Andy

 

[Expert@R82-TEST-FW:0]# dbset process:dnsmasq t
[Expert@R82-TEST-FW:0]# dbset process:dnsmasq:path /usr/sbin
[Expert@R82-TEST-FW:0]# dbset process:dnsmasq:runlevel 3
[Expert@R82-TEST-FW:0]# dbset :save
[Expert@R82-TEST-FW:0]# dnsmasq

dnsmasq: failed to create listening socket for 127.0.0.1: Address already in use
[Expert@R82-TEST-FW:0]# fw ver -k
This is Check Point's software version R82 - Build 760
kernel: R82 - Build 735
[Expert@R82-TEST-FW:0]#

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-15 12:01 PM
In response to the_rock
Jump to solution

Like I said, dnsmasq is already running on R82 (no need to enable it).
Version string says is 2.76.
The configuration file looks like this:

#  This file was AUTOMATICALLY GENERATED
#  Generated by /bin/dnsmasq_xlate on Tue Jun 18 13:44:47 2024
# 
#  DO NOT EDIT
# 
bind-interfaces
cache-size=1000
no-poll
listen-address=127.0.0.1
server=/#/x.y.z.w
conf-dir=/etc/dnsmasq.d

This tells me the following:

  • It's basically a caching DNS server (x.y.z.w appears to be the DNS server configured in the Gaia OS)
  • Additional configuration can be bootstrapped from files added in /etc/dnsmasq.d

Whether this works/is supported is a separate question.

0 Kudos
the_rock
Legend
Legend
‎2024-07-15 12:14 PM
In response to PhoneBoy
Jump to solution

1( What file is that?

2) should not dnsmasq command give something?

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-15 01:15 PM
In response to the_rock
Jump to solution

The configuration file is /etc/dnsmasq.conf
The error message you receive is because dnsmasq is already running (as stated previously).

0 Kudos
the_rock
Legend
Legend
‎2024-07-15 02:02 PM
In response to PhoneBoy
Jump to solution

K, gotcha...this is what it looks like in my lab, appears how I set it up.

Andy

[Expert@CP-EXL-1-s01-01:0]# more dnsmasq.conf
# This file was AUTOMATICALLY GENERATED
# Generated by /bin/dnsmasq_xlate on Fri Jul 12 15:27:11 2024
#
# DO NOT EDIT
#
bind-interfaces
cache-size=1000
no-poll
listen-address=127.0.0.1
server=/#/8.8.8.8
server=/#/8.8.4.4
server=/#/2.2.2.2
conf-dir=/etc/dnsmasq.d
[Expert@CP-EXL-1-s01-01:0]#

0 Kudos
John-Haynes
Contributor
‎2024-07-15 07:49 AM
Jump to solution

Would love to see CP come out with a product like "Meta IP" again. 

 

As far as free DNS services that provide security, Quad9 is still the best.  Recently saw some C2 Beacons trying to be accessed.  Quad9 was the only provider already blocking the domains.

(1)
the_rock
Legend
Legend
‎2024-07-15 07:52 AM
In response to John-Haynes
Jump to solution

Quad 9? Never heard of it, but reading about it, seems like its fantastic, awesome reviews...will let the customer know.

THANK YOU!!

Andy

0 Kudos
Lesley
Authority Authority
Authority
‎2024-07-15 01:40 PM
In response to the_rock
Jump to solution

Never seen or read anything regarding DNS provided by Check Point. 

There is ns1.checkpoint.com but they deny my DNS request 😉

C:\Users\lesle>nslookup therock.com ns1.checkpoint.com
Server: dns1.zonelabs.com
Address: 209.87.222.140

*** dns1.zonelabs.com can't find therock.com: Query refused

C:\Users\lesle>nslookup ns1.checkpoint.com
Server: gpon.net
Address: fe80::1

Non-authoritative answer:
Name: ns1.checkpoint.com
Address: 209.87.222.140

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-07-16 05:39 AM
In response to John-Haynes
Jump to solution

John,

Just wanted to thank you again for providing this. I cant believe how great these dns servers are, its truly amazing. Compared to google DNS, there is literally no comparison...simply outstanding.

I mean, I even tested it at home and though I have 1.5 GB download abd 1 GB upload fiber through my ISP, when I use quad 9 dns servers, it seems way faster then when uding google DNS.

Thanks again mate!!! ✌️

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events