On Mar 19, 2010, at 3:35 PM, Kevin Oberman wrote: > PIX, you say? They used to have a problem with DNS UDP packets over 512 > bytes. (Well, it didn't have a "problem", it just blocked them. I'm not > sure what, if any code version fixes this. (I don't have any these days.)
6.3 fixed it. The command is "fixup protocol dns min_length <nnn>". It was indeed the PIX, though "ip audit signature 6053 disable" allows T_ANY DNS queries. By default sig 6053 blocks T_ANY on the outside interface... Thank you all for your suggestions. -- Glenn English g...@slsware.com _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
