Suspicious DNS queries dropped by Firewall
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Dec 14 13:02:14 UTC 2011
On 14.12.11 17:21, babu dheen wrote:
> In this case, do you think that internal users trying to send emails
> directly to internet?
Maybe, maybe not. DNS queries can come from many other applications.
> Email delivery is taken care by Email Gateway device, obviously, DKIM
> verification (if enabled) can only be done by Email gateway of my
> company... How does internal client make DKIM query which uses the
> TXT record in DNS ?
The client simply sends a DNS query that results in a bigger response than
512 bytes. The client only must set EDNS flag in outgoing
> Can you tell me list of URL which size exceed 514 bytes to verify
> whether my internal server truncate/return failure code when query
> such URL using UDP query?
We can not. There are millions of DNS zones and millions of responses
that can cross the 512B limit.
Simply fix your firewall and stop dropping DNS packets bigger than 512
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Save the whales. Collect the whole set.
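
Added example, not part of the original message or of BIND: Python code for the check discussed in this thread. It builds a query carrying an EDNS0 OPT record that advertises a UDP payload size above 512 bytes, then classifies a reply by its size and TC (truncated) bit. The function names, the 4096-byte default and the sample reply bytes are assumptions made for this example.

```python
import socket
import struct

def build_query(name, qtype=16, edns_size=4096, qid=0x1234):
    """Build a DNS query (qtype 16 = TXT). edns_size=None omits the OPT record."""
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    opt = b""
    if edns_size is not None:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = advertised UDP payload
        # size, TTL 0 (no extended flags), RDLENGTH 0.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def classify(response, limit=512):
    """Report size, TC bit and whether the reply exceeds the classic limit."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    return {"size": len(response),
            "truncated": bool(flags & 0x0200),
            "over_limit": len(response) > limit}

def probe(server, name, qtype=16, edns_size=4096, timeout=3.0):
    """Query `server` over UDP. Returns classify() output, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, edns_size), (server, 53))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return classify(data)

# Constructed sample replies (header plus zero padding, not real captures).
SAMPLE_LARGE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x00" * 688
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + b"\x00" * 17
```

On a real network, call probe() with your resolver's address and a name whose answer is known to be large. A timeout with EDNS, while the same query with edns_size=None comes back truncated, points at a device on the path dropping UDP DNS packets over 512 bytes.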