[dns-operations] DNS large replies and Cisco's ip virtual-reassembly
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jan 26 13:45:41 UTC 2010
While working with the French Internet community on the signing of the
root and the handling of large DNS replies, a site had problems with
tests like <https://www.dns-oarc.net/oarc/services/replysizetest>. The
test started to work when they configured their router Cisco 3825
(which was located before a firewall Juniper SSG) to:
ip virtual-reassembly
Can any Cisco expert explain what it does? I assume the firewall
cannot handle fragments and the above command forces the router to
reassemble fragmented packets but I prefer to be sure before adding it
to my database of "Most Common Problems with DNS large replies".
More information about the dns-operations
mailing list