T_ANY
Glenn English
ghe at slsware.com
Fri Mar 19 22:27:26 UTC 2010
On Mar 19, 2010, at 3:35 PM, Kevin Oberman wrote:
> PIX, you say? They used to have a problem with DNS UDP packets over 512
> bytes. (Well, it didn't have a "problem", it just blocked them.) I'm not
> sure what, if any, code version fixes this. (I don't have any these days.)
6.3 fixed it. The command is "fixup protocol dns min_length <nnn>".
It was indeed the PIX, though "ip audit signature 6053 disable" allows T_ANY DNS queries. By default sig 6053 blocks T_ANY on the outside interface...
Thank you all for your suggestions.
--
Glenn English
ghe at slsware.com