512 byte limit

Peter Kringle pkringle at planetnet.org
Thu Jun 14 14:30:46 UTC 2007


The return packet is the one getting dropped.  I don't have control over
that server, so I don't think the setting below would help.

And about the PIX admin, it isn't him.  It is all the red tape around
doing changes in our network.  It will be weeks before he will be able to
upgrade the code.  (Trust me, they have been trying for a while now).


On Thu, Jun 14, 2007 at 10:50:18AM +0200, Ralf Weber wrote:
> Moin!
> 
> On 14.06.2007, at 09:47, Peter Kringle wrote:
> 
> >Ok, so I have a few DNS servers behind some PIX firewalls.  The PIX IOS
> >does not support the "fixup protocol dns" command, and we are getting a
> >response from a DNS server which is 554 bytes.
> >
> >I understand the obvious fix for this problem... upgrade the PIX.
> >
> >But as a temp fix, is it possible to have BIND send out a TCP query only
> >for this one zone we are having the issue with?
> Hm, I would try the option setting
> 	edns-udp-size 512;
> to limit the size of UDP packets that BIND can send out.
> 
> And if some PIX admin tells you that it should work even with 6.3 and
> no fixup protocol dns, forget it - it doesn't work - the only solution really
> is to have the protocol fix with 4096.
> 
> So long
> -Ralf
> ---
> http://www.colt.net/
> 

-- 
Peter (K0VX)
http://www.planetnet.org
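Added example, not part of the thread: a named.conf fragment showing the option Ralf suggested, first applied globally and then, as a narrower alternative closer to Peter's "only for this one zone" wish, applied to a single remote server (BIND has no per-zone knob for this, but the server statement takes edns-udp-size). The address 192.0.2.53 is a placeholder standing in for the authoritative server whose answers are being dropped. What the option does: it sets the EDNS0 receive-buffer size BIND advertises in the queries it sends; an EDNS-aware server honouring the advertisement sends at most that many bytes over UDP, sets the TC bit when the answer does not fit, and BIND then retries the same query over TCP, which the 512-byte UDP inspection limit does not apply to. Servers that do not speak EDNS are already capped at 512 bytes, so the option changes nothing for them.

```conf
options {
    // ... existing options unchanged ...

    // Advertise a 512-byte EDNS0 receive buffer in every outgoing query.
    // A server honouring it truncates (TC=1) rather than send a UDP answer
    // larger than 512 bytes; BIND then retries over TCP.  Default is 4096;
    // raise it back once the PIX has been upgraded, or DNSSEC-sized
    // answers will needlessly fall back to TCP.
    edns-udp-size 512;
};

// Narrower alternative: keep the 4096 default everywhere and cap only the
// one server whose 554-byte answers the PIX is dropping.
// 192.0.2.53 is a placeholder, not the server discussed in the thread.
server 192.0.2.53 {
    edns-udp-size 512;
};
```

Check the file with `named-checkconf` before reloading (if your BIND release rejects edns-udp-size inside `server`, consult the ARM for that version and use the global form). To confirm the mechanism without touching named at all, query the server with `dig +bufsize=512 @192.0.2.53 <name> <type>`: the answer should come back with the `tc` flag set and truncated, and `dig +tcp` against the same server should return the full 554-byte response through the PIX.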


