Cisco Pix drops UDP packets larger than 512 bytes

David Hekimian davidh at aqueduct.com
Mon Jun 3 18:39:11 UTC 2002


I've been having some problems looking up specific sites (the MX record for
Lycos.Com for example) where the returned packet size is larger than 512
bytes.
(Using Dig >8.2.5   'dig -t mx +debug +dn lycos.com @ns3.hotwired.com' )

---
Cisco's BugToolkit (BugID CSCds58726) shows the bug as a "Feature" -
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=cscds58726

DOC: PIX drops DNS packets of sizes greater than 512 bytes

UDP packets with destination port 53, DNS packets, will be dropped by the
PIX if the packet size is more than 512 bytes. This is a design
specification. 
---

I was under the impression that if a packet is larger than 512 bytes then
TCP was used. In what instances does BIND switch from UDP to TCP?

----
Q. Does this violate a RFC?
Q. Is this even a desired behavior?

I'm willing to push Cisco to add a command feature to turn off this "Feature"
if not eliminate it completely. I need some backup reasoning (Violates an
RFC, etc) to build my case (if necessary).

All feedback is greatly appreciated.


- David
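As an added illustration (not part of David's post or of any Cisco or BIND code), the following checks a DNS reply the way a resolver does: it decodes the RFC 1035 header, reads the TC (truncated) bit that tells a client to retry over TCP, and flags replies larger than the 512-byte UDP limit that the quoted PIX behaviour would drop. The sample messages for "lycos.com IN MX" are constructed, and the oversized reply's answer section is filler bytes, since only the header and length are inspected.

```python
import struct

# Constructed question section: QNAME "lycos.com", QTYPE MX (15), QCLASS IN (1).
QUESTION = bytes.fromhex("056c79636f7303636f6d00" + "000f" + "0001")

# Constructed reply with the TC bit set: flags 0x8380 = QR|TC|RD|RA, no answers.
TRUNCATED_UDP_REPLY = bytes.fromhex("1234" "8380" "0001" "0000" "0000" "0000") + QUESTION

# Constructed reply that fits in one UDP datagram only if the path allows >512 bytes:
# flags 0x8180 = QR|RD|RA (TC clear); the answer section is filler, not real RRs.
OVERSIZED_UDP_REPLY = (bytes.fromhex("1234" "8180" "0001" "0001" "0000" "0000")
                       + QUESTION + b"\x00" * 600)

def parse_dns_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),      # 1 = response
        "tc": bool(flags & 0x0200),      # 1 = truncated, client should retry over TCP
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify_udp_reply(msg, udp_limit=512):
    """Say what a resolver (or a 512-byte filter in the path) makes of a UDP reply."""
    hdr = parse_dns_header(msg)
    if not hdr["qr"]:
        return "not-a-response"
    if len(msg) > udp_limit:
        # A device dropping UDP/53 datagrams over udp_limit never delivers this one,
        # so the client sees a timeout rather than a TC bit telling it to use TCP.
        return "over-limit"
    if hdr["tc"]:
        return "truncated-retry-over-tcp"
    return "complete"

if __name__ == "__main__":
    for name, msg in (("truncated", TRUNCATED_UDP_REPLY), ("oversized", OVERSIZED_UDP_REPLY)):
        print(name, len(msg), "bytes ->", classify_udp_reply(msg))
```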

