On 13/12/2011 13:04, babu dheen wrote:
> Hi,
>
> Our company users are using internal DNS servers for name resolution
> and internal DNS servers are configured to forward the DNS query to
> company gateway DNS servers for external queries
>
> User --> internal DNS server ---> gateway DNS server ---> internet
>
> But when I look at the firewall hit, I can see the gateway DNS server is
> again sending a DNS query to the internal DNS server and the same is denied in
> the firewall with the below error
>
> Dropped UDP DNS reply from OUTSIDE:<gateway-dns-ip>/53 to
> DMZ50:<internal-dns-ip>/63953; packet length 526 bytes exceeds
> configured limit of 512 bytes
Your firewall is misconfigured. Who said DNS reply packets cannot be bigger than 512 bytes? You need to reconfigure your firewall, and remove that 512-byte limit for DNS queries and responses.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
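The firewall log in the question shows why the 512-byte figure is the wrong thing to enforce: the dropped packet is the gateway's UDP *reply* to the internal server's query (source port 53, destination the resolver's ephemeral port 63953), and 512 bytes is only the RFC 1035 ceiling for resolvers that do not use EDNS0. A modern resolver advertises a larger UDP payload size in an OPT record (RFC 6891), and the upstream server is entitled to send a reply up to that size. The script below is an added illustration, not code from the thread or from BIND: it builds an A query with and without an EDNS0 OPT record, builds a constructed 536-byte reply of the kind a DNS inspection rule would drop, and compares a 512-byte inspection limit against one raised to the advertised payload size. The names `192.0.2.x` and `example.com` are constructed sample values, and `firewall_allows` is a simplified model of a length-based inspection rule, not any vendor's implementation.

```python
import struct

DNS_HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
TYPE_A, TYPE_OPT = 1, 41
CLASSIC_MAX_UDP = 512  # RFC 1035 limit; only applies when no OPT RR is present


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name at `off`, honouring compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer terminates the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def build_edns_query(name, udp_payload=4096, qid=0x1234, edns=True):
    """Build an A query; with edns=True it carries an OPT RR advertising udp_payload bytes."""
    header = DNS_HEADER.pack(qid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD set
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)      # QTYPE A, QCLASS IN
    # OPT RR: root name, TYPE 41, CLASS field carries the UDP payload size, TTL = ext flags
    opt = (b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)) if edns else b""
    return header + question + opt


def build_response(query, addresses, udp_payload=4096):
    """Constructed reply: one A record per address plus an OPT RR, like an EDNS0-aware server."""
    qid, _flags, _qd, _an, _ns, _ar = DNS_HEADER.unpack_from(query, 0)
    qend = skip_name(query, 12) + 4          # question = QNAME + QTYPE + QCLASS
    question = query[12:qend]
    header = DNS_HEADER.pack(qid, 0x8180, 1, len(addresses), 0, 1)  # QR, RD, RA set
    answers = b"".join(
        b"\xC0\x0C"                                   # pointer to QNAME at offset 12
        + struct.pack("!HHIH", TYPE_A, 1, 300, 4)     # A, IN, TTL 300, RDLENGTH 4
        + bytes(int(octet) for octet in ip.split("."))
        for ip in addresses
    )
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)
    return header + question + answers + opt


def advertised_udp_size(msg):
    """EDNS0 payload size from the OPT RR in the additional section, else the RFC 1035 512."""
    _, _, qd, an, ns, ar = DNS_HEADER.unpack_from(msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    size = CLASSIC_MAX_UDP
    for idx in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT and idx >= an + ns:  # OPT is only valid in the additional section
            size = rclass
    return size


def firewall_allows(msg, configured_limit):
    """Simplified model of an inspection rule that drops UDP DNS messages over its limit."""
    return len(msg) <= configured_limit


if __name__ == "__main__":
    query = build_edns_query("example.com")
    reply = build_response(query, [f"192.0.2.{i}" for i in range(1, 32)])
    print("resolver advertises", advertised_udp_size(query), "bytes")
    print("reply is", len(reply), "bytes")
    print("512-byte rule passes it:", firewall_allows(reply, CLASSIC_MAX_UDP))
    print("rule raised to advertised size passes it:",
          firewall_allows(reply, advertised_udp_size(query)))
```

With a 512-byte inspection limit the reply is silently dropped, so the internal resolver never sees a truncated (TC) response that would make it retry over TCP; it simply times out and the failure surfaces as a firewall deny log rather than a DNS error. Raising the inspection limit to the size the resolver advertises (4096 here) lets the same reply through. If the firewall's DNS inspection cannot be raised, the fallback is to lower the advertised EDNS0 payload size on the resolver to match, but the reply in the question (526 bytes) shows how little headroom 512 leaves for ordinary responses.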