North American Network Operators Group


Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

  • From: Suresh Ramasubramanian
  • Date: Mon Jan 10 08:30:54 2005

On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <[email protected]> wrote:
> > I receive DNS responses > 500 bytes every day (reported by PIX firewall). So
> > it is an issue, no matter what is recommended in RFC.
> 
>         The correct thing to do is to fix your firewall to handle the
>         EDNS responses.

It is a Cisco PIX, right?  Maybe just replacing the thing with a 1U
OpenBSD box will work wonders.

-- 
Suresh Ramasubramanian ([email protected])