Re: Win 2003 DNS requests makes replies over 512 byte PIX limit

From: Jeff Westhead (jwesth_at_WINDOWS.MICROSOFT.COM)
Date: 05/08/03

    Date:         Thu, 8 May 2003 11:29:05 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Your W2K3 DNS server and the remote DNS server have agreed to exchange
    UDP packets > 512 bytes, but obviously your router is not capable of
    handling this.

    You can disable EDNS-0 in your W2K3 DNS server by running this command:

                    dnscmd /Config /EnableEDnsProbes 0

    Once you run this your W2K3 DNS server will never advertise its EDNS
    capabilities and so will never receive a UDP packet > 512 bytes.

    dnscmd.exe can be found in the Support Tools.

    You can find more information on our support of EDNS here:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_DNS_imp_EDNSsupport.asp

    and here:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_DNS_pro_ModifyEDNS.asp?frame=true

    ---------- Forwarded message ----------
    Date: Thu, 8 May 2003 08:59:01 -0500
    From: "Loucks, Jason" <loucks@COMMPROD.COM>
    Reply-To: Windows NTBugtraq Mailing List
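
The advertisement described in the reply above, as an added example that is not part of the original message: a query carrying an EDNS0 OPT record tells the responder how large a UDP reply it may send, and a query without one caps replies at 512 bytes. The record layout follows RFC 6891; the name `example.com` and the 1280-byte size are constructed sample values, not figures from the thread.

```python
import struct

OPT_TYPE = 41            # EDNS0 OPT pseudo-RR type (RFC 6891)
CLASSIC_UDP_LIMIT = 512  # DNS-over-UDP message limit without EDNS0 (RFC 1035)

def build_query(name, edns_size=None, txid=0x1234):
    """Build an A query; if edns_size is set, append an OPT RR advertising it."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    arcount = 1 if edns_size is not None else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size is not None:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return msg

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos

def advertised_udp_size(msg):
    """Return the UDP payload size a DNS message advertises, or None."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4      # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT_TYPE:
            return rclass
        pos += 10 + rdlen
    return None

def max_udp_reply(query):
    """Largest UDP reply a responder may send to this query."""
    size = advertised_udp_size(query)
    return CLASSIC_UDP_LIMIT if size is None else max(size, CLASSIC_UDP_LIMIT)

if __name__ == "__main__":
    for size in (None, 1280):  # constructed queries: no EDNS0, then EDNS0
        print(size, max_udp_reply(build_query("example.com", size)))
```

Running `advertised_udp_size` over the raw DNS payload of captured outbound queries shows whether a server is still advertising EDNS0 after the configuration change.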


