Firewall Wizards mailing list archives
Re: Help
From: Aaron Smith <smitha () byui edu>
Date: Wed, 15 Nov 2006 09:27:17 -0700
On Wed, 2006-11-15 at 08:26 -0600, Utz, Ralph wrote:
I haven't run your test, but I have dealt with this problem on a consulting basis in the past. Here's some info: PIX 6.3.5 and below block any DNS packet larger than 512 by default. When EDNS forces a packet larger than 512 the firewall will drop the packet. In Windows installations I've seen this cause the DNS service to hang and stop responding to requests. The PIX can be configured to allow larger DNS packets.
And, conversely, Windows EDNS0 can be disabled, as we did in our environment.

@@ron Smith
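The interaction described in this exchange, as an added example that is not part of the original posts: a small query that carries an EDNS0 OPT record passes a 512-byte DNS length limit, but it advertises a larger UDP payload size, and the larger reply it invites is what gets dropped. The function names and the example.com messages are constructed for illustration.

```python
import struct

LEGACY_LIMIT = 512  # the DNS length limit quoted in the message above

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def edns_udp_size(msg):
    """Return the UDP payload size advertised in an OPT record, or None."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:  # OPT pseudo-record: CLASS holds the payload size
            return rclass
        off += 10 + rdlen
    return None

def assess(msg):
    """Say how a 512-byte DNS length limit on the path treats this datagram."""
    size = edns_udp_size(msg)
    if len(msg) > LEGACY_LIMIT:
        return "dropped: %d bytes exceeds %d" % (len(msg), LEGACY_LIMIT)
    if size is not None and size > LEGACY_LIMIT:
        return "passes, but invites replies of up to %d bytes" % size
    return "passes"

def build(edns_size=None, txt_strings=0):
    """Constructed sample: example.com query, or a reply with padded TXT data."""
    q = b"\x07example\x03com\x00" + struct.pack("!HH", 16, 1)
    hdr = struct.pack("!6H", 0x1234, 0x8180 if txt_strings else 0x0100,
                      1, 1 if txt_strings else 0, 0, 1 if edns_size else 0)
    rdata = (b"\xc8" + b"x" * 200) * txt_strings
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size or 0, 0, 0)
    return hdr + q + (ans if txt_strings else b"") + (opt if edns_size else b"")

if __name__ == "__main__":
    for m in (build(), build(4096), build(4096, 3)):
        print(len(m), "bytes:", assess(m))
```

Running `edns_udp_size` over captured port 53 UDP payloads shows which resolvers on a network advertise sizes above 512 and are therefore exposed to the drop described above.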