Full Disclosure mailing list archives
Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit
From: "hggdh" <hggdh () attbi com>
Date: Thu, 8 May 2003 16:51:50 -0500
I am sorry I did not explain myself here -- my fault. Apologies to Mathias, Peter, and Ron.

Indeed almost all name servers in use will use TCP for larger replies. They probably did not get any responses because, like a lot of people out there, they only allow UDP for DNS. But Windows 2003 implements EDNS0 (RFC2671), which allows for UDP payloads larger than 512 bytes...

The actual point/thing I am curious about is on the Windows 2003 DNS behaviour (I cannot test it right now) -- why would it start requesting a truckload of info (as compared to Windows 2000 DNS)? In fact, WHAT is it it is requesting?

I plan on setting a 2003 test box as a name server, and I will look at it; but, with people jumping in W2003, and using it as their name server, this might become a hurdle.

Cheers,
..hggdh..

----- Original Message -----
From: "Mathias Gerber" <mathias () intergga ch>
To: <full-disclosure () lists netsys com>
Sent: Thursday, May 08, 2003 15:36
Subject: Re: [Full-disclosure] Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit

Hello hggdh,

On Thu, 8 May 2003 12:09:22 -0500 you wrote:

> FYI. Any ideas?

> We are running the latest version (6.3.1) on our Cisco PIX and it appears that there is a hard limit of 512 bytes on ANY UDP packets arriving on port 53. Everything exceeding that is dropped.

AFAIK the DNS uses TCP for larger replies.

--
mathias

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
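Added example, not part of the original posts: a small Python parser that reads the EDNS0 OPT record from a DNS query to find the UDP payload size the sender advertises, then models what happens to a reply of a given length behind a 512-byte UDP/53 filter like the one described in the thread. The function names, the sample queries, the 1280-byte value and the simplified filter model are all assumptions made for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns_size=None, txid=0x1234):
    """Constructed sample query (type A, class IN); optional EDNS0 OPT RR."""
    arcount = 0 if edns_size is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    if edns_size is not None:
        # OPT RR: root name, TYPE 41, CLASS = sender's UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a name (labels or compression pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """UDP payload size the sender accepts: OPT CLASS if present, else 512."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:
            return max(rclass, 512)            # RFC 6891: below 512 means 512
    return 512

def reply_fate(query, reply_len, filter_limit=512):
    """Simplified model of a reply crossing a UDP/53 length filter."""
    if reply_len > advertised_udp_size(query):
        return "truncated, client retries over TCP"
    if reply_len > filter_limit:
        return "sent over UDP, dropped by filter"
    return "sent over UDP, delivered"
```

Running `advertised_udp_size` over queries captured from a resolver shows whether it is negotiating EDNS0 and therefore whether replies can legitimately exceed the filter's limit.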