USADOTGOV.NET Root Problems?
Jerry K
dns.bind.list at oryx.cc
Mon Jul 26 00:48:23 UTC 2010
Michael,
Do you have a standard template that you use for your Cisco firewall
devices?
Or are you just disabling the fixup protocols?
Jerry
On 07/24/10 15:16, Michael Sinatra wrote:
>
> That's true, but it doesn't quite explain why the "DNS Inspection
> Policy," turned on by default on the PIX/FWSM/ASA, continued to have a
> default maximum DNS message size of 512 bytes more than a decade after
> EDNS0 became a standards-track RFC.
>
> In this case, Cisco's defaults are brain-dead. Whether that had an
> impact here or the issue was due to mere fragmentation isn't clear, but
> those default values have had an impact on DNSSEC deployment.
>
> michael
>
More information about the bind-users
mailing list