Suspecious DNS queries dropped by Firewall

Phil Mayers p.mayers at
Tue Dec 13 13:00:12 UTC 2011

On 13/12/11 12:46, babu dheen wrote:
> Dear Anand,
> In what situation, DNS packet size can exceed more than 512 bytes. In

This has been discussed many times in the list and elsewhere. There's no 
need to re-iterate it again.

DNS packets >512 bytes are legal. You should permit them.

> In this case, will the internal domain DNS query exceed 512 bytes?
> Regards

If you block DNS requests >512 bytes, you are breaking your own network. 
It is incorrect to do this. Fix your firewall.

More information about the bind-users mailing list