Suspicious DNS queries dropped by Firewall

Anand Buddhdev anandb at
Tue Dec 13 12:09:48 UTC 2011

On 13/12/2011 13:04, babu dheen wrote:

> Hi,
> Our company users are using internal DNS servers for name resolution,
> and the internal DNS servers are configured to forward DNS queries to
> the company gateway DNS servers for external queries:
> User --> internal DNS server ---> gateway DNS server ---> internet
> But when I look at the firewall hits, I can see the gateway DNS server is
> again sending a DNS query to the internal DNS server, and the same is denied in
> the firewall with the below error:
> Dropped UDP DNS reply from OUTSIDE:<gateway-dns-ip>/53 to
> DMZ50:<internal-dns-ip>/63953; packet length 526 bytes exceeds
> configured limit of 512 bytes

Your firewall is misconfigured. Who said DNS reply packets cannot be
bigger than 512 bytes? You need to reconfigure your firewall, and remove
that 512-byte limit for DNS queries and responses.
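As an added illustration (not code from either poster), the following Python triages firewall log lines of the format quoted above: it extracts the dropped replies, notes that source port 53 towards an ephemeral port is the answer to a query the internal server itself sent, and flags forwarder pairs whose drops are caused purely by a pre-EDNS0 512-byte cap. The addresses and ports in the sample log are constructed; only the message format comes from the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the single firewall message quoted in the
# thread; the addresses and ports are invented, only the message format is real.
SAMPLE_LOG = """\
Dropped UDP DNS reply from OUTSIDE:192.0.2.53/53 to DMZ50:10.50.0.10/63953; packet length 526 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE:192.0.2.53/53 to DMZ50:10.50.0.10/40211; packet length 1398 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE:198.51.100.7/53 to DMZ50:10.50.0.11/51002; packet length 611 bytes exceeds configured limit of 512 bytes
Deny tcp src OUTSIDE:203.0.113.9/40001 dst DMZ50:10.50.0.10/80 by access-group "outside_in"
"""

# 512 bytes is the UDP message ceiling only for resolvers that do not use EDNS0
# (RFC 1035); with EDNS0 (RFC 6891) the querier advertises a larger buffer size.
PRE_EDNS_MAX = 512

DROP_RE = re.compile(
    r"Dropped UDP DNS reply from (?P<src_zone>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
    r" to (?P<dst_zone>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+);"
    r" packet length (?P<length>\d+) bytes exceeds configured limit of (?P<limit>\d+) bytes"
)


def parse_drops(text):
    """Parse firewall log text; return one dict per 'Dropped UDP DNS reply' line."""
    events = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # unrelated firewall messages are ignored
        ev = {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}
        # Source port 53 towards an ephemeral port is the answer to a query the
        # internal server sent out, not a new query originating at the gateway.
        ev["is_reply_to_internal_query"] = ev["src_port"] == 53 and ev["dst_port"] >= 1024
        events.append(ev)
    return events


def summarize(events):
    """Per (internal resolver, upstream server) pair: drop count, largest reply, limit."""
    summary = defaultdict(lambda: {"drops": 0, "max_length": 0, "limit": None})
    for ev in events:
        s = summary[(ev["dst_ip"], ev["src_ip"])]
        s["drops"] += 1
        s["max_length"] = max(s["max_length"], ev["length"])
        s["limit"] = ev["limit"]
    return dict(summary)


def legacy_limit_pairs(summary):
    """Pairs whose drops are explained by a cap at or below the pre-EDNS0 512 bytes."""
    return sorted(k for k, s in summary.items() if s["limit"] <= PRE_EDNS_MAX)


if __name__ == "__main__":
    for (resolver, upstream), s in summarize(parse_drops(SAMPLE_LOG)).items():
        print(f"{resolver} <- {upstream}: {s['drops']} dropped, largest {s['max_length']} B, limit {s['limit']} B")
```

Every pair this reports is a forwarder whose legitimate EDNS0-sized answers are being discarded; the fix is on the firewall, as Anand says, not on either DNS server.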