Suspicious DNS queries dropped by Firewall

Anand Buddhdev anandb at ripe.net
Tue Dec 13 12:09:48 UTC 2011


On 13/12/2011 13:04, babu dheen wrote:

> Hi,
>  
> Our company users are using internal DNS servers for name resolution
> and internal DNS servers are configured to forward the DNS query to
> company gateway DNS servers for external queries
> 
> User --> internal DNS server ---> gateway DNS server ---> internet
>  
> But when I look at the firewall hits, I can see the gateway DNS server is
> again sending a DNS query to the internal DNS server, and the same is denied in
> the firewall with the error below
> 
> Dropped UDP DNS reply from OUTSIDE:<gateway-dns-ip>/53 to
> DMZ50:<internal-dns-ip>/63953; packet length 526 bytes exceeds
> configured limit of 512 bytes

Your firewall is misconfigured. Who said DNS reply packets cannot be
bigger than 512 bytes? You need to reconfigure your firewall, and remove
that 512-byte limit for DNS queries and responses.
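As an added illustration, not part of this thread, of why a 512-byte ceiling is the wrong assumption: the classic RFC 1035 limit applies only when the client sends no EDNS0 OPT record, and a resolver that advertises a larger UDP payload size in that record (the "class" field of the OPT pseudo-RR) can legitimately receive replies such as the 526-byte one in the log above. The query bytes and names below are constructed for the example.

```python
import struct
from typing import Optional

# RFC 1035 caps a plain UDP DNS message at 512 bytes; EDNS0 (RFC 6891) lets the
# requestor advertise a larger size in the CLASS field of an OPT pseudo-RR.
CLASSIC_UDP_LIMIT = 512
OPT_TYPE = 41


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234,
                edns_size: Optional[int] = 4096) -> bytes:
    """Constructed DNS query (RD set); with edns_size, append an EDNS0 OPT RR."""
    arcount = 1 if edns_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns_size is not None:
        # OPT RR: root name, TYPE 41, CLASS = requestor's max UDP payload size,
        # TTL field = extended RCODE/version/flags (all zero here), RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return msg


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name at off."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + ln


def advertised_udp_size(msg: bytes) -> int:
    """Largest UDP reply the sender accepts: 512 unless an OPT RR says more."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return max(rclass, CLASSIC_UDP_LIMIT)  # RFC 6891: below 512 is treated as 512
    return CLASSIC_UDP_LIMIT
```

A firewall that enforces a fixed 512-byte cap on UDP port 53 therefore discards replies the resolver explicitly asked for; the check that matches the protocol compares the reply length against the size the query advertised, not against 512.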
