Suspicious DNS queries dropped by Firewall

Kevin Oberman kob6558 at gmail.com
Wed Dec 14 20:45:14 UTC 2011


On Wed, Dec 14, 2011 at 3:51 AM, babu dheen <babudheen at yahoo.co.in> wrote:

> In this case, do you think that internal users are trying to send emails
> directly to the internet?
>
> Email delivery is taken care of by the Email Gateway device; obviously, DKIM
> verification (if enabled) can only be done by the Email gateway of my
> company... How does an internal client make a DKIM query which uses the TXT
> record in DNS?
>
> Can you tell me a list of URLs whose size exceeds 514 bytes, to verify whether
> my internal server truncates/returns a failure code when querying such a URL
> using a UDP query?
>

Babu,

You are missing the point. DKIM records were only provided as an example of
responses that will exceed 512 bytes.  Any query might get such a response.
There is no way of knowing exactly how much data will be returned with
modern DNS servers, especially with DNSSEC. But, even a simple address
query might return over 512 bytes of data.

The removal of the 512 byte limit on DNS packets is well over a decade old
and dancing around it is a losing proposition. You must either fix your
firewall (the right solution) or set your servers to NOT set the EDNS flag
(a work-around that will probably continue to be fragile).
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558 at gmail.com