DNS packet size -- what's the correct size

Rob Tanner rtanner at linfield.edu
Sun Sep 30 16:15:10 UTC 2007

It's my understanding that the max DNS packet size is 512 bytes and that 
is apparently what Cisco thinks because our firewall is blocking DNS 
packets over that size, calling them malformed.  The problem is that we 
see numerous such packets and the real puzzler is that many of them 
originate with core servers.

The issue is getting serious because there are some sites for which I 
can't resolve addresses from on campus, but use an external name server 
and those same sites resolve perfectly.  And, of course, I'm concerned 
that this problem is related to the dropping of over sized packets by the 

Is Cisco's default limit too small?  Can someone explain to me what 
might be going on? 


Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
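The 512-byte figure in the post is the RFC 1035 ceiling for a DNS message carried over UDP. EDNS0 (RFC 2671, later RFC 6891) lets a resolver advertise a larger UDP buffer through an OPT pseudo-record in the additional section, and that is the usual reason legitimate responses from well-run servers exceed 512 bytes; a firewall that enforces the classic limit drops them as "malformed". The script below is an added example for this page, not code from the post, from Cisco or from the BIND project. It parses a UDP DNS message with the standard library only, reports the TC bit and any EDNS0 UDP payload size it finds, and classifies the message so an operator can tell a valid EDNS0 response from a genuinely non-conforming oversized one. The sample responses it builds are constructed for illustration (name, ID and addresses are made up), not captures from any real server.

```python
import struct

CLASSIC_UDP_LIMIT = 512   # RFC 1035 ceiling for a DNS message carried over UDP
OPT_TYPE = 41             # EDNS0 OPT pseudo-RR type (RFC 2671 / RFC 6891)
TC_FLAG = 0x0200          # "truncated" bit in the header flags word


def _skip_name(msg, off):
    """Advance past a wire-format name, handling a compression pointer (0xC0xx)."""
    while True:
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # two-byte pointer to an earlier name
            return off + 2
        off += 1 + length               # ordinary label: length byte + label bytes


def parse_dns(msg):
    """Return header fields plus the EDNS0 UDP payload size, if an OPT RR is present."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    edns_udp_size = None
    for count in (an, ns, ar):
        for _ in range(count):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == OPT_TYPE:
                edns_udp_size = rclass   # OPT reuses the CLASS field for the UDP payload size
            off += 10 + rdlen
    return {
        "id": ident,
        "truncated": bool(flags & TC_FLAG),
        "rcode": flags & 0xF,
        "answers": an,
        "length": len(msg),
        "edns_udp_size": edns_udp_size,
    }


def classify(msg):
    """Label a UDP DNS message: 'classic', 'edns0-large' or 'oversized-no-edns'."""
    info = parse_dns(msg)
    if info["length"] <= CLASSIC_UDP_LIMIT:
        return "classic"
    if info["edns_udp_size"] is not None:
        return "edns0-large"          # legitimate; a fixed 512-byte filter will drop it
    return "oversized-no-edns"        # not valid over UDP under RFC 1035; worth inspecting


def build_sample_response(num_answers, edns_udp_size=None, truncated=False):
    """Constructed sample (not a real capture): a response for example.com/A with
    num_answers A records and an optional OPT RR advertising edns_udp_size."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)   # QR, RD, RA set
    ar = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, num_answers, 0, ar)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)   # A / IN
    answers = b"".join(
        # name = pointer to offset 12 (the question name), A/IN, TTL 300, 4-byte rdata
        struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 192, 0, 2, i & 0xFF)
        for i in range(num_answers)
    )
    opt = b""
    if edns_udp_size is not None:
        # OPT RR: root name, type 41, CLASS = UDP payload size, TTL 0, no rdata
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return header + question + answers + opt


if __name__ == "__main__":
    for label, msg in [
        ("5 answers, no OPT", build_sample_response(5)),
        ("40 answers, no OPT", build_sample_response(40)),
        ("40 answers, OPT 4096", build_sample_response(40, edns_udp_size=4096)),
    ]:
        print(f"{label}: {len(msg)} bytes -> {classify(msg)}")
```

Run against bytes taken from a capture of a dropped packet, `classify()` returning `edns0-large` means the packet was a normal EDNS0 response that the 512-byte rule rejected; `oversized-no-edns` means the message really is outside what RFC 1035 allows over UDP and deserves a closer look. A set TC bit on a response under 512 bytes indicates the server truncated and expects the client to retry over TCP, which is the fallback path a firewall also needs to allow.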
