[dns-operations] DNS maximum packet size

Mark Andrews marka at isc.org
Mon Sep 21 00:54:37 UTC 2009


In message <78A6FD6DE4407F41B93988CBA58496E903083EFA at HQGTNEVS-03.doe.local>, "Patrick, Robert" writes:
> Are firewall vendors working to increase the default settings for DNS
> maximum packet size in order to better support EDNS and DNSSEC?
> 
> bytes, and I'm going to guess similar settings exist for other vendor
> firewalls.
 
	CISCO say that their current firewalls automatically adjust
	this depending upon the EDNS UDP size option in the request.

> A recent inquiry to increase the default setting for DNS maximum packet
> size enforcement on Cisco firewalls was answered with "the default
> configuration change is not on our firewall roadmap".

	The value impacts on non-EDNS queries.  I wouldn't expect it to
	change.
	
> Is anybody working to get the vendors to put this change into product
> roadmaps, especially as year-end approaches and the OMB deadline is
> reached?

	CISCO have already reacted.

	You need to ask other vendors.
 
	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


