09-05-2007 12:18 PM - edited 03-11-2019 04:07 AM
Hello,
The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there some general recommendation?
Best regards,
Rutger Blom
09-06-2007 06:23 AM
I always increase this number to 1024.
02-18-2008 02:50 PM
Security-525(config)# policy-map type inspect dns migrated_dns_map_1
Security-525(config-pmap)# parameters
Security-525(config-pmap-p)# message-length maximum 1024
02-18-2008 12:48 PM
I know this is an old post and my question relates to IOS Firewall. How do you change the DNS UDP packet size on an IOS firewall?
I know how to do this on a PIX, but not on the IOS firewall.
Thanks.