Cisco Support Community
New Member

DNS lookups for MX records fail through PIX

I have an SMTP gateway in a DMZ. When I query MX records using UDP for certain domains, using my internal DNS server as the DNS server, the responses fail on certain domains that have large responses. My initial thoughts are that the DNS UDP packets are larger than 512 bytes. As a matter of fact, I'm almost positive that is the problem. I've tried resolving this by increasing the size of the DNS fixup, but it doesn't work. Has anyone seen this before? Any ideas? By the way, from inside my network, querying the MX records for some of those domains using the same DNS server, the response comes back fine; it's just from the DMZ that this fails. And, if I allow TCP into the DMZ for DNS, the SMTP server reverts to using TCP and it works.

Thanks,

4 REPLIES
New Member

Re: DNS lookups for MX records fail through PIX

Try issuing the command:

no fixup protocol DNS

New Member

Re: DNS lookups for MX records fail through PIX

Thanks, but I did that and I still can't get a response using UDP. Starting to think I might have a buf in the PIX code.

New Member

Re: DNS lookups for MX records fail through PIX

Oh, I meant bug not buf: fat fingers. By the way, UDP queries for domains that have short responses work fine.

New Member

Re: DNS lookups for MX records fail through PIX

Actually, you may want to do the command:

fixup protocol dns maximum-length 2048

This should resolve your issue. I'm guessing you have Windows 2003 DNS servers?
