Subject tag [Dovecot] is gone

Reindl Harald h.reindl at thelounge.net
Fri Jun 13 10:25:27 UTC 2014



On 13.06.2014 12:20, Reuben Farrelly wrote:
> On 13/06/2014 8:09 PM, Nick Edwards wrote:
>> On 6/11/14, Jost Krieger <Jost.Krieger+dovecot at rub.de> wrote:
>>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>>
>>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>>> or even put before all CNAME blocks a $TTL 0 line that never appeared
>>>> on the master until you disable DNS ALG for UDP and TCP
>>>
>>> I believe that Cisco equipment will do such things, but I doubt it's the
>>> routers. Unless you plug a firewall card in.
>>
>>   I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
>> any ASR do that.
> 
> Actually you're both incorrect - this isn't a PIX/ASA specific thing and it does work that way on IOS routers in
> certain configurations.  A Cisco IOS router (800/1800/1900 etc) running recent code will do this if you have a PAT
> rule translating port 53 from outside to inside.
> 
> This isn't a configuration that is that common, and it is annoying when you run into it, but it's not something you
> can have happen "by accident" since you have to specifically configure port 53 to be NATted in to observe this
> behaviour.  It's also easy to turn off (TBH I don't know why it's not off by default, but that's a separate matter).
> 
> It doesn't impact normal outbound/dynamic NAT which is what most people use.
> 
> I haven't tried 1:1 static NATs so can't verify if it works that way in that situation, though

we are running 1:1 static NAT and it is enabled by default in that situation
that's what I am talking about the whole time, nobody does single port-forwardings
in a server environment

and *yes* you can have this happen "by accident" simply by having non-Cisco
hardware before with the same 1:1 NAT and then getting a Cisco device due to a switch
from bundled DSL lines to glass fiber
