Suspecious DNS queries dropped by Firewall

Matus UHLAR - fantomas uhlar at
Wed Dec 14 13:02:14 UTC 2011

On 14.12.11 17:21, babu dheen wrote:
> In this case, do you think that internal users trying to send emails 
> directly to internet?

Maybe, maybe not. DNS queries can come from many other applications.

> Email delivery is taken care by Email Gateway device, obviously, DKIM 
> verification (if enabled) can only be done by Email gateway of my 
> company...  How does internal client make DKIM query which uses the 
> TXT record in DNS ?

The client simply sends dns query that results in bigger response than 
512 bytes. The client only must set EDNS flag in outgoing 

> Can you tell me list of URL which size exceed 514 bytes to verify 
> whether my internal server truncate/return failure code when query 
> such URL using UDP query?

We can not. There are millions of DNS zones and millions of responses 
that can cross the 512B limit.

simply fix your firewall and stop dropping DNS packets bigger than 512 

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.

More information about the bind-users mailing list