DNS problem with symantec.com
Jim McCullars
jim at info2.uah.edu
Thu Mar 25 17:58:26 UTC 2004
Mark Andrews (Mark_Andrews at isc.org) wrote:
: You have a firewall blocking the EDNS responses > 512 octets.
: Contact your firewall vendor for a upgrade.
Thanks, Mark - that was it. Now one other question, if you don't mind.
Our firewall apparently will let you configure the size that a EDNS packet
can be before it gets dropped. Is there a recommendation as to how to set
this to allow legitimate responses without opening up BIND to a buffer
overflow or other DoS attack? Thanks...
Jim McCullars
University of Alabama in Huntsville
More information about the bind-users
mailing list