Subject tag [Dovecot] is gone

Reuben Farrelly reuben-dovecot at
Fri Jun 13 10:20:01 UTC 2014

On 13/06/2014 8:09 PM, Nick Edwards wrote:
> On 6/11/14, Jost Krieger <Jost.Krieger+dovecot at> wrote:
>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>> or even put before all CNAME blocks a $TTL 0 line that never appeared
>>> on the master until you disable DNS ALG for UDP and TCP
>> I believe that Cisco equipment will do such things, but I doubt it's the
>> routers. Unless you plug a firewall card in.
> I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
> any ASR do that.

Actually you're both incorrect - this isn't a PIX/ASA specific thing and 
it does work that way on IOS routers in certain configurations.  A Cisco 
IOS router (800/1800/1900 etc) running recent code will do this if you 
have a PAT rule translating port 53 from outside to inside.

This isn't a configuration that is that common, and it is annoying when 
you run into it, but it's not something you can have happen "by 
accident" since you have to specifically configure port 53 to be NATted 
in to observe this behaviour.  It's also easy to turn off (TBH I don't 
know why it's not off by default, but that's a separate matter).

It doesn't impact normal outbound/dynamic NAT which is what most people use.

I haven't tried 1:1 static NATs so can't verify if it works that way in 
that situation, though.
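The configuration the post describes, as an added illustration that is not part of the thread: an inbound static PAT rule for port 53 (the condition under which the IOS DNS ALG starts rewriting DNS payloads), followed by the commands that turn the ALG off. Addresses and interface names are placeholders, and the `ip nat service alg` command form is assumed for recent IOS; check it against your platform's command reference.

```cisco
! Constructed example: inbound static PAT exposing an internal DNS server.
! Addresses and interface names are placeholders.
interface GigabitEthernet0/0
 description outside
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description inside
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! Static PAT for port 53 from outside to inside. With these two lines in
! place the DNS ALG inspects and rewrites DNS traffic passing through the
! translation, which is what causes the mangled zone transfers described.
ip nat inside source static udp 192.168.10.53 53 interface GigabitEthernet0/0 53
ip nat inside source static tcp 192.168.10.53 53 interface GigabitEthernet0/0 53
!
! Mitigation: disable the DNS ALG for both transports. Assumed syntax for
! recent IOS; older releases use "no ip nat service dns udp|tcp" instead.
no ip nat service alg udp dns
no ip nat service alg tcp dns
```

Confirm the setting with `show running-config | include ip nat service`, then compare a zone transfer pulled through the router with one pulled directly from the master to verify the $TTL/CNAME output now matches.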


