On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
> Thanks for the confirmation that the problem was related to DNSSEC.
>
> I didn't see your message until I got home from work; however, I did
> find the root of the problem late this afternoon. At each of our
> Internet egress and ingress points, we have Cisco ASA devices sitting in
> front of a pair of redundant firewalls. Each ASA is configured with the
> default DNS inspect policy that doesn't accept fragmented UDP packets.

Why would any inspection policy not allow fragmented UDP packets? There's nothing wrong with that.

Danny
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users