After installing the recommended Sun Solaris patch 114344-25 or newer on a CheckPoint firewall running Solaris 10 hardened with the JumpStart Architecture and Security Scripts (JASS) toolkit, local DNS lookups on the firewall node become unreliable.
# nslookup www.ebay.com
… The result alternated between a timeout and the correct answer.
Resolution:
The kernel parameter “ip_strict_dst_multihoming” is set to the strict value (1) by the JASS startup script /etc/init.d/nddconfig. The Solaris OS default for this parameter is the non-strict value (0). Change the parameter back to the non-strict value (0):
# ndd -set /dev/ip ip_strict_dst_multihoming 0
Then change the value from 1 to 0 in the JASS startup script, or comment out the line that sets this kernel parameter, so the change survives a reboot.
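The persistent half of the fix can be scripted. The following is an added example, not part of the original note or of JASS; it assumes the startup script sets the parameter with a line of the form `ndd -set /dev/ip ip_strict_dst_multihoming 1`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: switch the strict multihoming setting from 1 to 0 in an
# nddconfig-style startup script, keeping a backup of the original file.
# Assumption: the script sets the value with "ndd -set /dev/ip <param> 1".

PARAM=ip_strict_dst_multihoming
SP='[[:space:]]'
SETTER="ndd${SP}\{1,\}-set${SP}\{1,\}/dev/ip${SP}\{1,\}${PARAM}${SP}\{1,\}"

# count_strict FILE
# Prints how many active (not commented-out) lines set PARAM to 1.
count_strict() {
    grep -v "^${SP}*#" "$1" | grep -c "${SETTER}1${SP}*\$" || true
}

# relax_nddconfig FILE
# Returns 0 if the file was changed, 1 if there was nothing to change,
# 2 if the file is unreadable or the backup could not be written.
relax_nddconfig() {
    f=$1
    [ -r "$f" ] || return 2
    [ "$(count_strict "$f")" -gt 0 ] || return 1
    # Back up first; the edit is then written into the existing file so
    # its owner and mode stay as they were.
    cp -p "$f" "$f.orig" || return 2
    # Only touch lines that are not comments; replace the trailing 1 with 0.
    sed "/^${SP}*#/!s|\(${SETTER}\)1\(${SP}*\)\$|\10\2|" "$f.orig" > "$f"
}

# Usage on the firewall node (run as root):
#   relax_nddconfig /etc/init.d/nddconfig
#   ndd /dev/ip ip_strict_dst_multihoming    # reads the running value
```

Comparing the file with its `.orig` backup afterwards shows exactly which line was changed.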
Remark:
The use of JASS is strongly recommended for hardening the Solaris OS of the firewall node.