comp.security.firewalls archive
Re: Netscreen: Lots of extraneous "denied" packets in log
From: Jerry Gardner <jg2-usenet@gardnerclan.net>
Date: Sun Feb 26 2006 - 05:59:08 CET
Date: Sun Feb 26 2006 - 05:59:08 CET
Somebody. wrote:
> set service dns timeout <number in minutes>
>
> Does it really take more than 1 minute to get answer back from DNS? (that's
> the default)
Not likely. I believe the 5GT, by default, only lets one reply back in.
I suspect that the logged entries are due to multiple reply packets.
Time to fire up Ethereal and start looking at the name server traffic.
Received on Mon May 1 00:53:05 2006