512 byte limit
Ralf Weber
denic at eng.colt.net
Thu Jun 14 08:50:18 UTC 2007
Moin!
On 14.06.2007, at 09:47, Peter Kringle wrote:
> Ok, so I have a few DNS servers behind some PIX firewalls. The PIX IOS
> does not support the "fixup protocol dns" command, and we are getting a
> response from a DNS server which is 554 bytes.
>
> I understand the obvious fix for this problem... upgrade the PIX.
>
> But as a temp fix, is it possible to have BIND send out a TCP query only
> for this one zone we are having the issue with?
Hm, I would try the option setting
    edns-udp-size 512;
to limit the size of UDP packets that BIND can send out.
And if some PIX admin tells you, even with 6.3, that if he has
    no fixup protocol dns
it should work, forget it - doesn't work - the only solution really
is to have the protocol fix with 4096.
So long
-Ralf
---
http://www.colt.net/