Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

• Previous message (by thread): Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU
• Next message (by thread): Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <Mark_Andrews at isc.org> wrote
> :
> > > I receive DNS responses > 500 bytes every day (reported by PIX firewall).
>  So
> > > it is an issue, no matter wgat is recomended in RFC.
> > 
> >         The correct thing to do is to fix your firewall to handle the
> >         EDNS responses.
> 
> It is a cisco pix, right?  Maybe just replacing the thing with a 1U
> openbsd box will work wonders.

	A PIX firewall can handle EDNS fine.  It just has to be told
	what is the maximum EDNS size being advertised by the internal
	clients.  The defaults assume there is no EDNS (e.g. 512).
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

• Previous message (by thread): Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU
• Next message (by thread): Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]