Re: packet too big

This is a discussion on Re: packet too big within the Bind Users forums, part of the DNS and Related Forums category; Michael Varre wrote: > > I noticed that when using my name servers as a resolver I cannot get > &...


Go Back   Usenet Forums > DNS and Related Forums > Bind Users

Reload this Page Re: packet too big

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-09-2004
Joel
 
Posts: n/a
Default Re: packet too big


Michael Varre wrote:
> > I noticed that when using my name servers as a resolver I cannot get
> > to several yahoo sites. I dug in and noticed a message is getting
> > logged on the firewall that the packet is over 512 bytes (this is the
> > answer packet).
> > The answer seems to be coming directly from yahoo's name servers. I
> > have included captures. One is from an answer I receive from
> > roadrunner ns and the other is from one of my resolvers. There is
> > clearly more data at the end of mine, however I have no clue why it is
> > there from my server rather than others.
> >
> >
> >
> > Any ideas on this problem would be greatly appreciated! Thanks!

As you have noticed this is a firewall issue and is best addressed
at that point in the chain. On my PIX we do this

fixup protocol dns maximum-length 1024

Check your docs for what you need to do to let EDNS0 packets get through
the firewall.
- Joel


Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 05:37 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0