512 byte limit
Chris Buxton
cbuxton at menandmice.com
Thu Jun 14 17:05:35 UTC 2007
If I'm not mistaken, setting the edns-udp-size option will configure
your server to tell the other server that it can't accept the larger
packet. So this should in fact solve the problem - your server will
try the query over UDP, get a truncated response, and retry over TCP.
Chris Buxton
Men & Mice
On Jun 14, 2007, at 7:30 AM, Peter Kringle wrote:
> The return packet is the one getting dropped. I don't have control over
> that server, so I don't think the setting below would help.
>
> And about the PIX admin, it isn't him. It is all the red tape around
> doing changes in our network. It will be weeks before he will be able to
> upgrade the code. (Trust me, they have been trying for a while now.)
>
>
> On Thu, Jun 14, 2007 at 10:50:18AM +0200, Ralf Weber wrote:
>> Hello!
>>
>> On 14.06.2007, at 09:47, Peter Kringle wrote:
>>
>>> Ok, so I have a few DNS servers behind some PIX firewalls. The PIX IOS
>>> does not support the "fixup protocol dns" command, and we are getting a
>>> response from a DNS server which is 554 bytes.
>>>
>>> I understand the obvious fix for this problem... upgrade the PIX.
>>>
>>> But as a temp fix, is it possible to have BIND send out a TCP query only
>>> for this one zone we are having the issue with?
>> Hm I would try the option setting
>> edns-udp-size 512;
>> to limit the size of udp packets that bind can send out.
>>
>> And if some PIX admin tells you that, even with 6.3, it should work if he
>> has no "fixup protocol dns", forget it - it doesn't work - the only
>> solution really is to have the protocol fix with 4096.
>>
>> So long
>> -Ralf
>> ---
>> http://www.colt.net/
>>
>
> --
> Peter (K0VX)
> http://www.planetnet.org
>
>
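The mechanism Chris describes, shown on the wire, as an added example that is not part of the thread and not BIND's own code. `edns-udp-size 512;` makes BIND advertise a 512-byte receive buffer in the OPT record of the queries it sends; a remote server that honours it truncates anything larger, sets the TC bit, and the querier repeats the query over TCP. The helper names, the query for `example.com.`, and the 554-byte TXT answer (sized to match the response in the thread) are all constructed here for illustration; only `resolve()` touches the network and is not exercised by the embedded sample.

```python
"""DNS over UDP with an EDNS0 buffer size, truncation, and TCP fallback.

Added example (not from the bind-users thread). Everything below the
`# Constructed sample` line is made-up test data.
"""
import socket
import struct

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR
FLAG_QR = 0x8000
FLAG_TC = 0x0200       # "truncated": answer did not fit the receiver's buffer
FLAG_RD = 0x0100
FLAG_RA = 0x0080


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus root."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name at `off` (handles 0xC0 pointers)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def build_query(qname: str, qtype: int = 1, udp_payload_size=512, txid=0x1234) -> bytes:
    """Build a query; with udp_payload_size set, add an OPT RR advertising it.
    This CLASS field is what BIND's edns-udp-size option controls."""
    arcount = 0 if udp_payload_size is None else 1
    msg = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)       # QTYPE, IN
    if udp_payload_size is not None:
        # owner ".", TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/ver/flags, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, 0, 0)
    return msg


def parse_header(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def advertised_udp_size(msg: bytes):
    """UDP payload size from the OPT RR, or None if the message has no EDNS0."""
    h = parse_header(msg)
    off = 12
    for _ in range(h["qdcount"]):
        off = skip_name(msg, off) + 4
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return None


def build_response(query: bytes, rdata: bytes, rtype: int = 16, ttl: int = 300) -> bytes:
    """Answer `query` with a single RR carrying `rdata` (server side, constructed)."""
    h = parse_header(query)
    qend = skip_name(query, 12) + 4
    header = struct.pack("!HHHHHH", h["id"], FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + query[12:qend] + answer


def truncate_for_udp(response: bytes, client_udp_size: int) -> bytes:
    """What a server does when the answer exceeds the client's advertised buffer:
    return header + question only, with TC=1. Simplified: real servers keep
    whole RRs that still fit, but the client must go to TCP either way."""
    if len(response) <= client_udp_size:
        return response
    txid, flags, qd, *_ = struct.unpack("!HHHHHH", response[:12])
    qend = skip_name(response, 12) + 4
    return struct.pack("!HHHHHH", txid, flags | FLAG_TC, qd, 0, 0, 0) + response[12:qend]


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def resolve(qname: str, server: str, udp_payload_size=512, timeout=3.0):
    """Client side: ask over UDP; on TC, repeat the same query over TCP."""
    q = build_query(qname, udp_payload_size=udp_payload_size)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(65535)
    if not parse_header(resp)["tc"]:
        return resp, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(struct.pack("!H", len(q)) + q)   # TCP frames each message with a 2-byte length
        (length,) = struct.unpack("!H", _recv_exact(t, 2))
        return _recv_exact(t, length), "tcp"


# Constructed sample: a 554-byte TXT answer, the size that was being dropped.
QUERY_512 = build_query("example.com.", udp_payload_size=512)
RDATA_513 = b"\xff" + b"a" * 255 + b"\xff" + b"b" * 255 + b"\x00"   # three <character-string>s
FULL_RESPONSE = build_response(QUERY_512, RDATA_513)               # 12 + 17 + 525 = 554 bytes
TRUNCATED = truncate_for_udp(FULL_RESPONSE, advertised_udp_size(QUERY_512))

if __name__ == "__main__":
    print(len(FULL_RESPONSE), parse_header(FULL_RESPONSE)["tc"])   # 554 False
    print(len(TRUNCATED), parse_header(TRUNCATED)["tc"])           # 29 True
```

To check the same thing against a live server, `dig +bufsize=512 <name> @<server>` should come back flagged `tc` and `dig +tcp <name> @<server>` should return the full answer; if the UDP reply never arrives at all, something in the path is still dropping it before truncation can happen.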