DNS UDP datagram size

Unanswered Question
Sep 5th, 2007


The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there some general recommendation?

Best regards,

Rutger Blom

abinjola Mon, 02/18/2008 - 14:50

Security-525(config)# policy-map type inspect dns migrated_dns_map_1

Security-525(config-pmap)# parameters

Security-525(config-pmap-p)# message-length maximum 1024
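
Added example, not part of abinjola's reply: the three commands above create the inspection map, but the limit only applies once the map is attached to the inspection policy, so the full configuration is shown here; the map and policy names are assumed, use the ones already present on your ASA.

```cisco
! Added example (not from the original post): raise the DNS message-length
! cap but keep DNS inspection enabled, rather than removing "inspect dns".
! Policy-map and class names are assumed; "show running-config policy-map"
! lists the ones actually configured on your ASA.

policy-map type inspect dns dns_inspect_map
 parameters
  ! Default is 512 bytes; EDNS0 responses (such as the 541-byte replies
  ! mentioned above) exceed it and are silently dropped. 1024 covers
  ! typical EDNS0 answers while still bounding oversized datagrams.
  message-length maximum 1024
!
policy-map global_policy
 class inspection_default
  ! Attach the DNS inspection map; without this line the new parameter
  ! never takes effect.
  inspect dns dns_inspect_map
!
service-policy global_policy global
```

After applying it, "show service-policy inspect dns" reports the active message-length maximum and drop counters, which is the quickest way to confirm the new limit is in force.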

adrianotte Mon, 02/18/2008 - 12:48

I know this is an old post and my question relates to IOS Firewall. How do you change the DNS UDP packet size on an IOS firewall?

I know how to do this on a PIX, but not on the IOS firewall.
