On Mon, 2005-03-28 at 08:49 -0500, Rich Kasting wrote:
> I didn't think dnscache would help because none of the email is getting
> out because all are failing.
>

You said that when you do a normal dig or host lookup from the shell there is no problem, so one would assume that using dnscache the queries would be RFC compliant and not trigger the IDS.

> What will dnscache actually do to fix the problem? I know it will
> cache lookups, does it query in a different manner? Will it take over
> for qmail's queries? If so, where can I find good instructions for
> installing it?
>
> DNS Fixup on a PIX? Does that make the intrusion detection module
> leave qmail servers alone? :)

Because of the way the PIX handles NAT/PAT you normally need to turn on some protocol fixups which Cisco have configured into the IOS. If you have PDM access you can enable them with a couple of mouse clicks. A lot is dependent on how the network is configured.

Shane