Full Disclosure mailing list archives
Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit
From: "hggdh" <hggdh () attbi com>
Date: Thu, 8 May 2003 12:09:22 -0500
FYI. Any ideas?

----- Original Message -----
From: "DeAvillez, Carlos" <Carlos_DeAvillez () stercomm com>
To: <hggdh () attbi com>
Sent: Thursday, May 08, 2003 12:08
Subject: FW: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit

-----Original Message-----
From: DeAvillez, Carlos
Sent: Thursday, May 08, 2003 12:02
To: 'hddgh () attbi com'
Subject: FW: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit

-----Original Message-----
From: Loucks, Jason [mailto:loucks () COMMPROD COM]
Sent: Thursday, May 08, 2003 08:59
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit

We recently upgraded our DNS servers to Win 2003. After this time, it became apparent that we are unable to send email to some domains which had been working fine before.

After much investigation as to why it "suddenly" stopped working, we determined that Win 2003 requests everything but the kitchen cupboard in its DNS requests, apparently using RFC 2671 to specify the ability to accept >512 byte UDP replies.

We are running the latest version (6.3.1) on our Cisco PIX and it appears that there is a hard limit of 512 bytes on ANY UDP packets arriving on port 53. Everything exceeding that is dropped.

Has anyone else seen this problem?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit hggdh (May 08)
- Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit Mathias Gerber (May 08)
- Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit Valdis . Kletnieks (May 08)
- Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit Derek Atkins (May 08)
- Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit hggdh (May 08)
- Re: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit Mathias Gerber (May 08)
