[dns-operations] DNS maximum packet size
Mark Andrews
marka at isc.org
Mon Sep 21 00:54:37 UTC 2009
In message <78A6FD6DE4407F41B93988CBA58496E903083EFA at HQGTNEVS-03.doe.local>, "P
atrick, Robert" writes:
> Are firewall vendors working to increase the default settings for DNS
> maximum packet size in order to better support EDNS and DNSSEC?
>
> bytes, and I'm going to guess similar settings exist for other vendor
> firewalls.
CISCO say that their current firewalls automatically adjust
this depending upon the EDNS UDP size option in the request.
> A recent inquiry to increase the default setting for DNS maximum packet
> size enforcement on Cisco firewalls was answered with "the default
> configuration change is not on our firewall roadmap".
The value impacts on non-EDNS queries. I wouldn't expect it to
change.
> Is anybody working to get the vendors to put this change into product
> roadmaps, especially as year-end approaches and the OMB deadline is
> reached?
CISCO have already reacted.
You need to ask other vendors.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list