[fw-wiz] Win 2003 and PiX

From: Iannaccone, Al (Al.Iannaccone_at_occ.treas.gov)
Date: 05/09/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 9 May 2003 12:47:56 -0400
    

    Hello;

    This is something I found on Bugtraq... has anyone else seen this? Thanks.
    This is another sysadmin discussing...

    ----====SNIP====----

    We recently upgraded our DNS servers to Win 2003. After this time, it
    became apparent that we are unable to send email to some domains which
    had been working fine before.
    After much investigation as to why it "suddenly" stopped working, we
    determined that Win 2003 requests everything but the kitchen cupboard in
    its DNS requests, apparently using RFC 2671 to specify the ability to
    accept >512 byte UDP replies.
    We are running the latest version (6.3.1) on our Cisco PIX and it
    appears that there is a hard limit of 512 bytes on ANY UDP packets
    arriving on port 53. Everything exceeding that is dropped.
    Has anyone else seen this problem?

    ----====SNIP====----

    Disclaimer: Don't take anything here as advice.

    Al

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
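The interaction the quoted post describes (an EDNS0 client advertising a large UDP reply size behind a firewall that still enforces the classic 512-byte DNS/UDP limit) can be reproduced on the wire format itself. The following is an added example, not code from the post or from Microsoft or Cisco: it builds a DNS query with and without the RFC 2671 OPT pseudo-record, parses the advertised UDP payload size back out of a packet, and models the three outcomes a reply can have at a size-limiting firewall. The 512-byte firewall limit is the figure stated in the post; the simulated remote server is assumed to be RFC-compliant (it truncates to the advertised size and sets TC rather than sending more than the client asked for), and the exact packet layout is constructed here for illustration.

```python
import struct

DNS_CLASSIC_MAX_UDP = 512   # RFC 1035 UDP limit, and the PIX port-53 limit described in the post
OPT_TYPE = 41               # RR type of the EDNS0 OPT pseudo-record (RFC 2671)


def encode_name(name):
    """Encode a dotted name as DNS labels, terminated by the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, txn_id=0x1234, edns_udp_size=None):
    """Build a DNS query. When edns_udp_size is given, append an OPT RR in the
    additional section advertising that UDP payload size (EDNS0)."""
    arcount = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, arcount)  # flags: RD set
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)       # class IN
    pkt = header + question
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size,
        # TTL=extended RCODE/version/flags (all zero), RDLEN=0
        pkt += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return pkt


def _skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def edns_udp_size(pkt):
    """Return the UDP payload size advertised by an OPT RR, or None when the
    packet carries no OPT RR (classic 512-byte behaviour)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4   # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass                # for OPT, CLASS carries the UDP payload size
    return None


def simulate_exchange(query_pkt, full_reply_len, firewall_max=DNS_CLASSIC_MAX_UDP):
    """Model what happens to a reply of full_reply_len bytes.

    'delivered'  - the whole reply fits and passes the firewall
    'truncated'  - the server truncates to the advertised size (TC set); the
                   resolver can retry over TCP, so resolution still works
    'dropped'    - the server sends a reply the client asked for, but it exceeds
                   the firewall's UDP limit and never arrives (the post's failure)
    """
    advertised = edns_udp_size(query_pkt)
    if advertised is None:
        advertised = DNS_CLASSIC_MAX_UDP
    sent = min(full_reply_len, advertised)   # assumed RFC-compliant server behaviour
    if sent > firewall_max:
        return "dropped"
    return "truncated" if sent < full_reply_len else "delivered"
```

Run `simulate_exchange(build_query("example.com"), 1200)` against `simulate_exchange(build_query("example.com", edns_udp_size=4096), 1200)` to see the switch the post describes: the classic query gets a truncated answer the resolver can recover from, while the EDNS0 query draws a 1200-byte reply that a 512-byte limit silently drops. Domains whose answers fit in 512 bytes are unaffected either way, which is why only some destinations broke. The parser can also be pointed at captured port-53 payloads to confirm what size a given client is actually advertising.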

