512 byte limit
Mark Andrews
Mark_Andrews at isc.org
Thu Jun 14 21:48:12 UTC 2007
> Moin!
>
> On 14.06.2007, at 09:47, Peter Kringle wrote:
>
> > Ok, so I have a few DNS servers behind some PIX firewalls. The PIX IOS
> > does not support the "fixup protocol dns" command, and we are getting a
> > response from a DNS server which is 554 bytes.
> >
> > I understand the obvious fix for this problem... upgrade the PIX.
> >
> > But as a temp fix, is it possible to have BIND send out a TCP query only
> > for this one zone we are having the issue with?
>
> Hm I would try the option setting
>     edns-udp-size 512;
> to limit the size of udp packets that bind can send out.

max-udp-size controls what the server will send.
edns-udp-size controls what the server advertises it can accept.

    edns-udp-size <integer>;
    max-udp-size <integer>;

> And if some pix admin tells you even with 6.3 that if he has
> no fixup protocol dns
> should work forget it - doesn't work - the only solution really
> is to have the protocol fix with 4096.
>
> So long
> -Ralf
> ---
> http://www.colt.net/
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
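
Added example, not part of the original post and not BIND code: a Python sketch of the two limits the reply distinguishes. It builds a query whose EDNS0 OPT record carries the advertised UDP size (the value `edns-udp-size` sets) and models, as a simplifying assumption, that the answering server caps a UDP response at the smaller of that value and its own `max-udp-size`; the function names and the `example.com` query are constructed for illustration.

```python
import struct

OPT = 41             # EDNS0 OPT pseudo-RR type (RFC 6891)
PLAIN_DNS_MAX = 512  # UDP limit when the query carries no OPT record


def build_query(name, advertised=None, qtype=1, qid=0x1234):
    """Build a DNS query; if advertised is set, append an OPT RR whose CLASS
    field carries the UDP payload size the sender says it can accept."""
    arcount = 1 if advertised else 0
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)
    if advertised:
        # root name, TYPE=OPT, CLASS=size, TTL=0 (ext. rcode/flags), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, advertised, 0, 0)
    return msg


def advertised_size(query):
    """Return the UDP size advertised in the query's OPT RR, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    if qd != 1 or an or ns:
        raise ValueError("expected a plain one-question query")
    pos = 12
    while query[pos]:            # skip QNAME labels (queries are uncompressed)
        pos += 1 + query[pos]
    pos += 1 + 4                 # root label + QTYPE + QCLASS
    for _ in range(ar):
        if query[pos] != 0:
            raise ValueError("only root-named additional records handled")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
        if rtype == OPT:
            return rclass
        pos += 11 + rdlen
    return None


def udp_outcome(query, response_len, server_max_udp):
    """Assumed model: how a response of response_len bytes leaves the server."""
    adv = advertised_size(query)
    # Advertised sizes below 512 are treated as 512 (RFC 6891).
    limit = PLAIN_DNS_MAX if adv is None else min(max(adv, 512), server_max_udp)
    return "udp" if response_len <= limit else "truncated, retry over tcp"
```

With the 554-byte response from the thread, `udp_outcome(build_query("example.com", 4096), 554, 4096)` is the case that produces an oversized UDP packet; lowering either the advertised size or the server's send limit to 512 yields a truncated answer and a TCP retry instead.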