Michael,
Do you have a standard template that you use for your Cisco firewall
devices?
Or are you just disabling the fixup protocols?
Jerry
On 07/24/10 15:16, Michael Sinatra wrote:
That's true, but it doesn't quite explain why the "DNS Inspection
Policy," turned on by default on the PIX/FWSM/ASA, continued to have a
default maximum DNS message size of 512 bytes more than a decade after
EDNS0 became a standards-track RFC.
In this case, Cisco's defaults are brain-dead. Whether that had an
impact here or the issue was due to mere fragmentation isn't clear, but
those default values have had an impact on DNSSEC deployment.
michael
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users