Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
1
Replies

DNS Zone Transfer across a Firewall

vkhanduri
Level 1
Level 1

‎04-03-2003 10:58 AM - edited ‎03-09-2019 02:46 AM

Is it true that if Primary and Secondary DNS servers are either sides of PIX and PIX is using NAT the ZONE transfer will fail if the file is too long?

Thanx

Vikas Khanduri

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎04-03-2003 06:38 PM

Haven't heard of any issues with that.

You may be referring to the fact the PIX will drop UDP DNS packets that are larger than 512 bytes. This keeps us in spec with RFC 1035 and prevents buffer overflow attacks to internal DNS servers.

Zone transfers, on the other hand, are TCP DNS packets and are not subject to this limitation.

0 Helpful
Customers Also Viewed These Support Documents