09-05-2007 12:18 PM - edited 03-11-2019 04:07 AM
Hello,
The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there some general recommendation?
Best regards,
Rutger Blom
09-06-2007 06:23 AM
I always increase this number to 1024.
02-18-2008 02:50 PM
Security-525(config)# policy-map type inspect dns migrated_dns_map_1
Security-525(config-pmap)# parameters
Security-525(config-pmap-p)# message-length maximum 1024
02-18-2008 12:48 PM
I know this is an old post and my question relates to IOS Firewall. How do you change the DNS UDP packet size on an IOS firewall?
I know how to do this on a PIX, but not on the IOS firewall.
Thanks.