Suspicious DNS queries dropped by Firewall

Phil Mayers p.mayers at imperial.ac.uk
Tue Dec 13 13:00:12 UTC 2011


On 13/12/11 12:46, babu dheen wrote:
> Dear Anand,
> In what situation can the DNS packet size exceed 512 bytes? In

This has been discussed many times in the list and elsewhere. There's no 
need to reiterate it.

DNS packets >512 bytes are legal. You should permit them.

> In this case, will the internal domain DNS query exceed 512 bytes?
> Regards

If you block DNS requests >512 bytes, you are breaking your own network. 
It is incorrect to do this. Fix your firewall.
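An added illustration of the point above (example code, not from the thread or from BIND): a client that includes an EDNS0 OPT pseudo-record is explicitly advertising, in the OPT record's CLASS field, how large a UDP response it can accept, so a >512-byte reply to such a query is exactly what the client asked for. The name and sizes below are constructed sample values.

```python
import struct

DNS_TYPE_OPT = 41
CLASSIC_UDP_LIMIT = 512  # RFC 1035 limit that pre-EDNS firewall rules assume

def encode_name(name):
    # "example.com" -> b"\x07example\x03com\x00"
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_edns_query(name, qtype=1, udp_size=4096, txid=0x1234):
    """Standard recursive query with one question and one OPT pseudo-RR.
    In the OPT RR the CLASS field carries the requester's UDP payload size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, udp_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Advance past a (possibly compressed) domain name; return next offset."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def edns_udp_size(msg):
    """Return the UDP payload size advertised by an OPT record, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == DNS_TYPE_OPT:
            return rclass                        # CLASS == requester's UDP size
        off += 10 + rdlen
    return None

def allowed_udp_response_size(query):
    """Largest UDP reply the client has asked for: the advertised EDNS buffer,
    or the classic 512 bytes when no OPT record is present (TC bit, then TCP)."""
    return edns_udp_size(query) or CLASSIC_UDP_LIMIT
```

A firewall that drops UDP DNS above 512 bytes regardless of the advertised size discards replies the client negotiated for, which is the breakage described in the reply.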

More information about the bind-users mailing list