timeout for query?

Vinny Abello vinny at tellurian.com
Thu Jul 21 14:17:44 UTC 2005


At 01:40 AM 7/21/2005, Mark Andrews wrote:

> > Hello,
> >
> > we're having a problem with PIX firewalls closing UDP 'connection' after
> > 30 seconds. Is there a limit to which a response for query must be sent?
>
>         There is no protocol limit.  I would be talking to CISCO to see
>         if there is a knob you can set to raise it.  90 seconds would
>         be appropriate for named.

The default (at least on a PIX I'm looking at, a 506E running 6.3(3)) 
appears to be 2 minutes for UDP.

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

There is no specific setting that I see for DNS traffic timeouts so I 
think the UDP timeout is what you're looking for.

Investigate that setting though to see what you have. You should be 
able to do a "show timeout" or just look at the config. Of course 
Cisco TAC is probably more qualified to diagnose this or make 
suggestions than I am, so as Mark suggested, talk to Cisco to be sure. :)


Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of 
fear" -- Mark Twain
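
An added example, not part of the message above or of any Cisco tooling: a Python check that parses a PIX `timeout` line like the one quoted and compares the UDP idle timeout with the 90 seconds Mark suggested for named. The function names and the 30-second sample line are constructed for illustration.

```python
import re

# From Mark Andrews' reply quoted above: 90 seconds would be appropriate for named.
NAMED_MIN_UDP_SECONDS = 90

# The timeout line exactly as it appears in the message.
PAGE_LINE = "timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00"
# Constructed sample: a firewall dropping UDP state after 30 seconds, as the original poster saw.
CONSTRUCTED_30S = "timeout conn 1:00:00 half-closed 0:10:00 udp 0:00:30 rpc 0:10:00 h225 1:00:00"

DURATION = re.compile(r"\d+:\d{2}:\d{2}")


def hms_to_seconds(value):
    """Convert an h:mm:ss duration such as '0:02:00' to seconds."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_timeouts(config_text):
    """Return {name: seconds} from every 'timeout ...' line in a config dump."""
    timeouts = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "timeout":
            continue
        i = 1
        while i + 1 < len(tokens):
            name, value = tokens[i], tokens[i + 1]
            if DURATION.fullmatch(value):
                timeouts[name] = hms_to_seconds(value)
                i += 2
            else:
                i += 1  # tolerate a keyword that is not followed by a duration
    return timeouts


def check_udp_timeout(config_text, minimum=NAMED_MIN_UDP_SECONDS):
    """Return (udp_seconds, ok); (None, False) when no udp timeout is configured."""
    udp = parse_timeouts(config_text).get("udp")
    return (udp, udp is not None and udp >= minimum)


if __name__ == "__main__":
    for label, text in (("page", PAGE_LINE), ("constructed", CONSTRUCTED_30S)):
        seconds, ok = check_udp_timeout(text)
        print(f"{label}: udp={seconds}s {'OK' if ok else 'below 90s, long queries may be cut off'}")
```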


