Suspicious DNS queries dropped by Firewall

babu dheen babudheen at
Tue Dec 13 12:04:51 UTC 2011

Our company users are using internal DNS servers for name resolution, and the internal DNS servers are configured to forward DNS queries to the company gateway DNS servers for external queries.

User --> internal DNS server ---> gateway DNS server ---> internet
But when I look at the firewall hits, I can see the gateway DNS server is again sending a DNS query to the internal DNS server, and it is denied by the firewall with the error below:
Dropped UDP DNS reply from OUTSIDE:<gateway-dns-ip>/53 to DMZ50:<internal-dns-ip>/63953; packet length 526 bytes exceeds configured limit of 512 bytes
Any idea?
Papdheen M
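
Added example (not part of the original post): a Python sketch that parses drop messages of the form quoted above, records how far each packet exceeds the configured limit, and marks packets whose source port is 53 and whose destination port is ephemeral, which is the pattern of an answer returning to the server that forwarded a query. The function names are hypothetical and the addresses in the sample lines are constructed documentation addresses.

```python
import re

# Matches the drop message format quoted in the post. Address fields are matched
# loosely because the post shows them only as placeholders.
DROP_RE = re.compile(
    r"Dropped UDP DNS (?P<kind>\w+) from "
    r"(?P<src_if>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+); "
    r"packet length (?P<length>\d+) bytes exceeds configured limit of "
    r"(?P<limit>\d+) bytes"
)

def parse_drop(line):
    """Return the fields of one oversize-DNS drop line, or None if it is another message."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length", "limit"):
        rec[key] = int(rec[key])
    rec["over_by"] = rec["length"] - rec["limit"]
    # Source port 53 with a non-53 destination port: the packet is an answer
    # travelling back to the resolver that asked, not a newly initiated query.
    rec["is_answer_to_forwarder"] = rec["sport"] == 53 and rec["dport"] != 53
    return rec

def summarize(lines):
    """Group drops by (source, destination); keep the count and the largest size seen."""
    summary = {}
    for line in lines:
        rec = parse_drop(line)
        if rec is None:
            continue
        entry = summary.setdefault(
            (rec["src"], rec["dst"]),
            {"drops": 0, "max_length": 0, "limit": rec["limit"], "answers": 0},
        )
        entry["drops"] += 1
        entry["max_length"] = max(entry["max_length"], rec["length"])
        entry["answers"] += int(rec["is_answer_to_forwarder"])
    return summary

# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "Dropped UDP DNS reply from OUTSIDE:192.0.2.53/53 to DMZ50:198.51.100.10/63953; packet length 526 bytes exceeds configured limit of 512 bytes",
    "Dropped UDP DNS reply from OUTSIDE:192.0.2.53/53 to DMZ50:198.51.100.10/51234; packet length 1180 bytes exceeds configured limit of 512 bytes",
    "constructed filler line unrelated to DNS size limits",
]

if __name__ == "__main__":
    for (src, dst), e in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {e['drops']} drops, largest {e['max_length']} bytes "
              f"(limit {e['limit']}), {e['answers']} were answers to forwarded queries")
```
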

More information about the bind-users mailing list