[c-nsp] ASA55xx | DNS Maximum message
Bill Blackford
BBlackford at nwresd.k12.or.us
Wed Dec 8 13:55:59 EST 2010
We experienced an odd issue recently where queries to a .gov site were timing out. Upon further investigation, packet captures, etc., we noticed that the return packet was fragmented and 1514 bytes. I increased the default value in
  policy-map type inspect dns <pol_name>
   parameters
    message-length maximum xxx
This seemed to fix my issues with that particular .gov site.
My question is: has the recent signing of DNS zones on certain .gov name hosts affected the packet size, and will this be an ongoing issue for folks running ASA with the default inspect parameters?
Thank you,
-b
--
Bill Blackford
Senior Network Engineer
Technology Systems Group
Northwest Regional ESD
Logged into reality and abusing my sudo privileges