Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1369
Views
3
Helpful
3
Replies

DNS UDP datagram size

Rutger Blom
Level 1
Level 1

‎09-05-2007 12:18 PM - edited ‎03-11-2019 04:07 AM

Hello,

The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there som general recommendation?

Best regards,

Rutger Blom

Labels:
0 Helpful
3 Replies 3

a.alekseev
Level 7
Level 7

‎09-06-2007 06:23 AM

I allways increase this number to 1024.

abinjola
Cisco Employee
Cisco Employee
In response to a.alekseev

‎02-18-2008 02:50 PM

Security-525(config)# policy-map type inspect dns migrated_dns_map_1

Security-525(config-pmap)# parameters

Security-525(config-pmap-p)# message-length maximum 1024

0 Helpful

adrianotte
Level 1
Level 1

‎02-18-2008 12:48 PM

I know this is an old post and my question relates to IOS Firewall. How do you change the DNS UPD packet size on an IOS firewall?

I know how to do this on a PIX, but not on the IOS firewall.

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card