Community Member

DNS UDP datagram size

Hello,

The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there some general recommendation?

Best regards,

Rutger Blom

3 REPLIES

Re: DNS UDP datagram size

I always increase this number to 1024.

Cisco Employee

Re: DNS UDP datagram size

Security-525(config)# policy-map type inspect dns migrated_dns_map_1

Security-525(config-pmap)# parameters

Security-525(config-pmap-p)# message-length maximum 1024
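
Added example, not part of any post in this thread: a Python sketch that reads the EDNS0 (RFC 6891) UDP payload size a resolver advertises in its query, which is why servers may answer with more than 512 bytes, and checks a message length such as the 541 bytes mentioned above against a configured maximum. The function names and the sample query are constructed for illustration, and it assumes the limit is compared to the DNS message length.

```python
import struct

OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def edns_udp_size(msg):
    """Advertised EDNS0 UDP payload size, or None if there is no OPT RR."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass                      # CLASS field carries the size
        off += 10 + rdlen
    return None

def passes_inspection(dns_len, message_length_max=512):
    """True if a DNS message of dns_len bytes fits the configured maximum."""
    return dns_len <= message_length_max

def build_query(name, edns_size=None):
    """Constructed sample: an NS query, optionally carrying an OPT RR."""
    q = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 1 if edns_size else 0)
    for label in name.rstrip(".").split("."):
        if label:
            q += bytes([len(label)]) + label.encode()
    q += b"\x00" + struct.pack("!HH", 2, 1)    # QTYPE=NS, QCLASS=IN
    if edns_size:
        q += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return q

if __name__ == "__main__":
    query = build_query(".", edns_size=4096)   # constructed root NS query
    print("advertised EDNS0 size:", edns_udp_size(query))
    for limit in (512, 1024):
        print(f"541-byte reply, maximum {limit}:",
              "pass" if passes_inspection(541, limit) else "drop")
```
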

Community Member

Re: DNS UDP datagram size

I know this is an old post and my question relates to IOS Firewall. How do you change the DNS UDP packet size on an IOS firewall?

I know how to do this on a PIX, but not on the IOS firewall.

Thanks.
