packet too big

Michael Varre bind9 at kishmish.com
Fri Jul 9 14:46:51 UTC 2004



> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Joel
> Sent: Friday, July 09, 2004 10:43 AM
> To: Michael Varre
> Cc: bind-users at isc.org
> Subject: Re: packet too big
> 
> 
> 
> Michael Varre wrote:
> > > I noticed that when using my name servers as a resolver I cannot get
> > > to several yahoo sites.  I dug in and noticed a message is getting
> > > logged on the firewall that the packet is over 512 bytes (this is the
> > > answer packet).
> > > The answer seems to be coming directly from yahoo's name servers. I
> > > have included captures.  One is from an answer I receive from
> > > roadrunner ns and the other is from one of my resolvers.  There is
> > > clearly more data at the end of mine, however I have no clue why it is
> > > there from my server rather than others.
> > >
> > >
> > >
> > > Any ideas on this problem would be greatly appreciated!  Thanks!
> 
> As you have noticed this is a firewall issue and is best addressed
> at that point in the chain. On my PIX we do this
> 
> 	fixup protocol dns maximum-length 1024
> 
> Check your docs for what you need to do to let EDNS0 packets get through
> the firewall.
> - Joel
> 


Joel, 
Well yes that is one possibility. However it seems to me that there is no
good reason for the packet to be larger than 512 bytes - 512 is pretty
standard.  I don't see how my setup could be different from most other
servers on the net.

mv


