Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

  • From: Mark Andrews
  • Date: Mon Jan 10 08:44:49 2005


> On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <Mark_Andrews@isc.org> wrote:
> > > I receive DNS responses > 500 bytes every day (reported by PIX firewall). So
> > > it is an issue, no matter what is recommended in RFC.
> > 
> >         The correct thing to do is to fix your firewall to handle the
> >         EDNS responses.
> 
> It is a cisco pix, right?  Maybe just replacing the thing with a 1U
> openbsd box will work wonders.

	A PIX firewall can handle EDNS fine.  It just has to be told
	what is the maximum EDNS size being advertised by the internal
	clients.  The defaults assume there is no EDNS (e.g. 512).
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
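
As an added illustration that is not part of the original message: the size a firewall "has to be told" is the UDP payload size internal clients advertise in the EDNS0 OPT pseudo-record (carried in its CLASS field), and it can be read from captured queries. The function names and the sample queries below are constructed for this example.

```python
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record

def build_query(name, edns_size=None):
    """Constructed sample input: an A query, optionally carrying an OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0,
                         0 if edns_size is None else 1)
    qname = b"".join(bytes([len(l)]) + l.encode()
                     for l in name.split(".") if l) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1
        if n == 0:             # root label ends the name
            return off
        off += n

def advertised_udp_size(msg):
    """Largest UDP response the sender accepts; 512 when no OPT is present."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT:
            return max(rclass, 512)            # RFC 6891: below 512 means 512
    return 512

def required_limit(queries):
    """Smallest DNS length limit that passes every response the clients allow."""
    return max(advertised_udp_size(q) for q in queries)

if __name__ == "__main__":
    sample = [build_query("example.com"), build_query("example.org", 1280),
              build_query("example.net", 4096)]
    print("firewall DNS length limit should be at least", required_limit(sample))
```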



