Educause Security Discussion mailing list archives

Windows 2008 Server R2 SECDNS Blocked


From: Daniel Bennett <dbennett () PCT EDU>
Date: Thu, 24 Sep 2009 11:14:12 -0400

Has anyone run into their DNS traffic being blocked by their firewall because the reply packet from the Root Hints is 
greater than 512 bytes?  I came across this while testing a Windows 2008 Server R2 domain controller running DNS.  It 
appears that the implementation of SECDNS on R2 has increased the packet size to be larger than 512 bytes, which is 
the default for regular DNS traffic.

If you have run into this, did you allow larger DNS UDP packets through your firewall?  If so, what size limit did you 
set?

Thanks,
Daniel Bennett
IT Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport PA, 17701
570.329.4989
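Editor's added example (not part of the original post and not Microsoft's code): the mechanism behind the oversized replies is EDNS0 (RFC 6891). A classic RFC 1035 query commits the server to at most 512 bytes over UDP; a query carrying an OPT pseudo-record advertises a larger buffer, and a reply with DNSSEC signatures (DO bit set) routinely needs it. The script below builds both kinds of query, reads the advertised buffer size back out of a message, and runs constructed replies of two sizes past a check that mimics a firewall still enforcing the 512-byte limit. The sample replies are padded with the EDNS Padding option (RFC 7830) purely to reach a chosen size; nothing here touches the network, and the 4096-byte buffer and the 480/1300-byte reply sizes are illustrative assumptions.

```python
"""EDNS0 query construction and a 512-byte firewall check on DNS replies.

Constructed example for the mailing-list discussion above. All messages are
built inline; no network access is needed.
"""
import struct

CLASSIC_UDP_MAX = 512       # RFC 1035 limit, still enforced by older firewall rules
OPT_TYPE = 41               # EDNS0 OPT pseudo-RR (RFC 6891)
EDNS_PADDING_OPTION = 12    # RFC 7830, used here only to size the sample reply
DO_BIT = 0x8000             # "DNSSEC OK" flag in the OPT TTL field


def encode_name(name):
    """Wire-encode a domain name; "." becomes the single root byte."""
    name = name.strip(".")
    labels = name.split(".") if name else []
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def _skip_name(msg, off):
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + length


def build_opt_rr(udp_size, dnssec_ok=False, options=b""):
    """OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=ext flags (DO)."""
    ttl = DO_BIT if dnssec_ok else 0
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, len(options)) + options


def build_query(qname, qtype, txid=0x1234, edns_udp_size=None, dnssec_ok=False):
    """Return a wire-format query; when edns_udp_size is given an OPT RR is appended."""
    arcount = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)   # RD=1
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)   # class IN
    if edns_udp_size is not None:
        msg += build_opt_rr(edns_udp_size, dnssec_ok)
    return msg


def advertised_udp_size(msg):
    """Return the UDP payload size advertised in the OPT RR, or None if there is none.

    No OPT RR means the peer is limited to the 512-byte RFC 1035 reply size."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                       # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass                                    # CLASS carries the size
        off += 10 + rdlen
    return None


def build_padded_response(query, total_size, dnssec_ok=True, udp_size=4096):
    """Constructed reply that echoes the query's question and is padded with an
    EDNS Padding option so the whole message is exactly total_size bytes."""
    txid = query[:2]
    question_end = _skip_name(query, 12) + 4
    question = query[12:question_end]
    fixed = 12 + len(question) + 11 + 4          # header, question, OPT RR, option header
    if total_size < fixed:
        raise ValueError("total_size too small for a valid padded reply")
    pad_len = total_size - fixed
    pad = struct.pack("!HH", EDNS_PADDING_OPTION, pad_len) + b"\x00" * pad_len
    header = txid + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 1)   # QR=1 RD=1 RA=1, one OPT
    return header + question + build_opt_rr(udp_size, dnssec_ok, pad)


def firewall_verdict(response, max_udp=CLASSIC_UDP_MAX):
    """Report whether a UDP reply of this size survives a firewall enforcing max_udp."""
    flags = struct.unpack("!H", response[2:4])[0]
    return {
        "size": len(response),
        "truncated": bool(flags & 0x0200),   # TC bit: the client should retry over TCP
        "passes": len(response) <= max_udp,
    }


if __name__ == "__main__":
    plain = build_query(".", 2)                                   # root NS, no EDNS0
    edns = build_query(".", 2, edns_udp_size=4096, dnssec_ok=True)
    print("plain query advertises:", advertised_udp_size(plain))  # None -> 512 cap
    print("EDNS0 query advertises:", advertised_udp_size(edns))   # 4096
    for size in (480, 1300):                                      # assumed reply sizes
        reply = build_padded_response(edns, size)
        print(size, "bytes, 512-byte firewall:", firewall_verdict(reply))
        print(size, "bytes, 4096-byte firewall:", firewall_verdict(reply, 4096))
```

The 1300-byte reply is the case in the post: the server is allowed to send it because the query advertised a 4096-byte buffer, but a firewall that still applies the RFC 1035 limit drops it, and the client sees a timeout rather than a truncated (TC) answer it could retry over TCP. Practitioner caveats, added here: a firewall rule for DNS should permit UDP replies up to at least the size the resolver advertises (RFC 6891 suggests 4096 as a starting point) and must also allow TCP/53, since a validating resolver falls back to TCP when a reply is truncated; on Windows DNS Server the EDNS0 probes can be disabled with `dnscmd /Config /EnableEDnsProbes 0`, which makes the symptom go away at the cost of losing the large-reply path that DNSSEC depends on.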
