512 byte limit
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jan 22 09:52:02 UTC 2009
On Wed, Jan 21, 2009 at 11:47:01AM -0500,
Todd Snyder <tsnyder at rim.com> wrote
a message of 38 lines which said:
> I am sure there is much in the RTFM category, and I will continue to
> RTFM,
The FM here is RFC 2671, published nine years ago (a lot of time in
Internet terms).
> We are seeing some firewall messages indicating that one of our FW's is
> getting DNS responses at 600ish bytes:
>
> 2009 Jan 21 14:03:02 -- %FWSM: Dropped UDP DNS reply from xxxxxxxx/53 to
> yyyyyyy/2114; packet length 660 bytes exceeds configured limit of 512
> bytes
That is a badly configured firewall. Fire the guy who configured it,
and hire someone else, someone who knows about the things developed in
the last ten years.
As mentioned by Anton Korotin, the root name servers send answers > 512.