Re: [Full-Disclosure] Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit
To: Mathias Gerber <email@example.com> Date: Thu, 08 May 2003 17:13:17 -0400
On Thu, 08 May 2003 22:36:16 +0200, Mathias Gerber <firstname.lastname@example.org> said:
> AFAIK the DNS uses TCP for larger replys.
Back when the maximum usable MTU in the Arpanet was 584, the DNS protocol
basically said "Send the query as UDP, if reply is over 512 bytes long
server sends back 'too big', and retry the query as TCP".
RFC2671 specifies an extension mechanism for DNS (EDNS0), and even if you
don't use any other extensions provides a convenient way of saying "Use UDP
if the packet is under 1280 (or 4K, or whatever you specify)". This allows
the (hopeful) savings of a 3 packet handshake to set up a TCP session and
another several packets at FIN time.
However, just as with older firewalls that break RFC3168 ECN (explicit
congestion notification) because they don't like the use of previously
"reserved" bits in the TCP SYN packet, some gear doesn't like seeing the
RFC2671-format DNS queries and drop them on the floor...
-- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Full-Disclosure - We believe in it.
- application/pgp-signature attachment: stored