DNS packet size -- what's the correct size

Mark Andrews Mark_Andrews at isc.org
Sun Sep 30 23:15:48 UTC 2007


> Thanks to all who replied. It's odd that my O'Reilly DNS book still 
> lists 512 bytes as the max size.  From the comments I got, I've asked 
> our network manager to either turn that check off entirely or set the 
> limit to 2048.
> Again thanks.
> 
> -- Rob

	Look for EDNS.  We tend to distinguish between DNS and
	Extended DNS.  For plain DNS the limit is still 512.  512
	is still the limit for EDNS requests unless you have recently
	probed the server for EDNS support.

	Modern nameservers use 4096 or so as the UDP packet size.

	This is the currently recommended size.

> On 09/30/2007 11:31 AM, dnd wrote:
> > Rob:
> >
> > We recently dealt with the same problem after changing Bind versions
> > from 8.2.7 (ancient, I know) to 8.4.7

	BIND 8.4.7 is ancient as well.  So ancient that it is no longer
	supported.

> > Turns out, since 8.3, the default EDNS size has been higher (can't
> > recall if it is 1024 or 2048).
> >
> > In any event, the problem you describe is indeed with the Pix, but we
> > did a quick fix by adding the following to our named.conf files.
> >
> > Add `edns-udp-size 512;' to your named.conf file as a work-around.
> >
> > Before this fix, our name servers were unable to resolve certain
> > addresses (e.g. cluster1.us.messagelabs.com) which sent large packets.
> > We have not had any further incidents after the named.conf modification.
> >
> > Regards,
> >
> > Debbie Andrews
> >
> >
> > Rob Tanner wrote:
> >> Hi,
> >> It's my understanding that the max DNS packet size is 512 bytes and that
> >> is apparently what Cisco thinks because our firewall is blocking DNS
> >> packets over that size, calling them malformed.  The problem is that we
> >> see numerous such packets and the real puzzler is that many of them
> >> originate with core servers.
> >>
> >> The issue is getting serious because there are some sites for which I
> >> can't resolve addresses from on campus, but use an external name server
> >> and those same sites resolve perfectly.  And, of course, I'm concerned
> >> that this problem is related to the dropping of oversized packets by the
> >> firewall.
> >>
> >> Is Cisco's default limit too small?  Can someone explain to me what
> >> might be going on?
> >>
> >> Thanks,
> >> Rob
> >>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
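Mark's point above (plain DNS is capped at 512 bytes; an EDNS query advertises a larger payload size in an OPT record) and Debbie's `edns-udp-size 512;` workaround, shown as an added Python example that is not part of this thread or of BIND's code: build_query produces a query with or without an EDNS0 OPT record, advertised_udp_size reads back the size a packet advertises (512 when there is no OPT record), and is_truncated checks the TC flag a server sets when an answer would not fit, which is the signal to retry over TCP. Function names are my own; the wire layout follows RFC 1035 and RFC 6891.

```python
import struct

OPT_TYPE = 41        # EDNS0 OPT pseudo-RR type (RFC 6891)
PLAIN_DNS_MAX = 512  # UDP payload limit when no OPT record is present

def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode() for label in labels) + b"\x00"

def build_query(name, qtype=1, udp_size=4096, txid=0x1234):
    """Query for name/qtype. udp_size=None sends plain DNS; otherwise an OPT RR advertises udp_size."""
    arcount = 0 if udp_size is None else 1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags 0x0100 = RD set
    question = encode_name(name) + struct.pack("!HH", qtype, 1)      # QCLASS 1 = IN
    opt = b""
    if udp_size is not None:
        # OPT RR: root owner name, TYPE 41, CLASS = requester's max UDP payload,
        # TTL field = extended RCODE / version / flags (all zero here), RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return header + question + opt

def skip_name(packet, off):
    """Return the offset just past a (possibly compressed) name that starts at off."""
    while True:
        length = packet[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def advertised_udp_size(packet):
    """Largest UDP payload the sender accepts: the OPT CLASS field if present, else 512."""
    qd, an, ns, ar = struct.unpack("!HHHH", packet[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(packet, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(packet, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return PLAIN_DNS_MAX

def is_truncated(packet):
    """TC flag set: the answer did not fit the agreed size and must be retried over TCP."""
    return bool(struct.unpack("!H", packet[2:4])[0] & 0x0200)
```

Calling build_query("cluster1.us.messagelabs.com", udp_size=None), with udp_size=512 and with the default 4096 gives packets that advertised_udp_size reports as 512, 512 and 4096 respectively; a server advertising 512 keeps its UDP answers under the Pix limit and sets TC on anything larger.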