packet too big
Joel
jc517 at wmi.com
Fri Jul 9 14:42:34 UTC 2004
Michael Varre wrote:
> > I noticed that when using my name servers as a resolver I cannot get
> > to several yahoo sites. I dug in and noticed a message is getting
> > logged on the firewall that the packet is over 512 bytes (this is the
> > answer packet).
> > The answer seems to be coming directly from yahoo's name servers. I
> > have included captures. One is from an answer I receive from
> > roadrunner ns and the other is from one of my resolvers. There is
> > clearly more data at the end of mine, however I have no clue why it is
> > there from my server rather than others.
> >
> >
> >
> > Any ideas on this problem would be greatly appreciated! Thanks!
As you have noticed this is a firewall issue and is best addressed
at that point in the chain. On my PIX we do this
fixup protocol dns maximum-length 1024
Check your docs for what you need to do to let EDNS0 packets get through
the firewall.
- Joel
More information about the bind-users
mailing list