dnssec question. confused.

[michoski]

On 9/28/11 5:32 AM, "Steve Arntzen" <isc at arntzen.us> wrote:
> Is your firewall Cisco based?
> 
> There is a known "default" setting in Cisco with respect to packet size
> for DNS.  Our network guys run into this anytime they do an upgrade,
> etc. and have to go in and update the setting.

This bit me the first time I managed a PIX years ago (though, in fairness,
even then it was well documented on Cisco's site...I just had to read logs
and search), and now continues on the ASA it seems...  Once it's understood,
it really shouldn't bite again:

https://supportforums.cisco.com/thread/2013390

-- 
By nature, men are nearly alike;
by practice, they get to be wide apart.
        -- Confucius