ZiPPy
New Member
June 30, 2011
Question

DNSSEC Support

Does the Fortigate (Ver 3.0 or higher) have support for DNSSEC? I'm looking to increase the DNS message size from 512 bytes to 4096 bytes. Has anybody done this yet?

    4 replies

    Jan_Scholten
    New Member
    July 1, 2011
    It should support more than 512 bytes, as you need to enable a specific rule to change that. http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32863&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=20918139&stateId=0%200%2020916596
    ZiPPy (Author)
    New Member
    July 1, 2011
    Jan, isn't this to block messages that exceed 512 bytes? I would think to reverse that, and increase it accordingly, but I don't see where you would do this at. I'm still searching...
    Carl_Wallmark
    New Member
    July 1, 2011
    As the document states, it supports DNSSEC as default. The IPS rule is to block DNS requests over 512 bytes, but it allows DNSSEC...
    Jan_Scholten
    New Member
    July 2, 2011
    Yes, the signature is to block DNS greater than 512 bytes, but as stated the default setting is to let it pass (and only create a log entry). So unless you use this signature AND override the custom behavior ("action = pass"), the FGT is not blocking DNS over 512 bytes, so DNSSEC should work.