dns packet size
jeff donovan
donovan at beth.k12.pa.us
Thu Oct 9 13:49:57 UTC 2008
greetings,
I have been noticing my firewall denying udp packets that exceed 512.
What is the correct packet size, and should I make any adjustments on
either the dns side or the firewall?
sample firewall log:
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 523
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 557
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 523
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 557
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:35 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 519
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:38 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 573
bytes exceeds configured limit of 512 bytes
thanks for any insight
-jeff