On 14.12.11 17:21, babu dheen wrote:
> In this case, do you think that internal users are trying to send emails directly to the internet?

Maybe, maybe not. DNS queries can come from many other applications.

> Email delivery is taken care of by the Email Gateway device; obviously, DKIM verification (if enabled) can only be done by the Email gateway of my company... How does an internal client make a DKIM query which uses the TXT record in DNS?

The client simply sends a DNS query that results in a response bigger than 512 bytes. The client only must set EDNS flag in outgoing

> Can you give me a list of URLs whose size exceeds 514 bytes, so I can verify whether my internal server truncates or returns a failure code when querying such a URL using a UDP query?

We cannot. There are millions of DNS zones and millions of responses that can cross the 512B limit.

Simply fix your firewall and stop dropping DNS packets bigger than 512 bytes.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
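
An added example, not part of the original message: a UDP DNS query that advertises EDNS0, with a classifier that tells a dropped large response apart from a truncated or delivered one. The function names are hypothetical, and the resolver address and query name passed to `probe` are whatever you choose to test in your own network.

```python
import socket
import struct

def build_query(name, qtype=16, edns_size=4096, txid=0x1234):
    """Build a DNS query (default type TXT); append an EDNS0 OPT record if edns_size > 0."""
    arcount = 1 if edns_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def classify_response(data):
    """Interpret a raw UDP answer (or None on timeout) from the 512-byte point of view."""
    if data is None:
        return "timeout"        # nothing arrived: consistent with a dropped large reply
    if len(data) < 12:
        return "malformed"
    flags = struct.unpack("!H", data[2:4])[0]
    if flags & 0x0200:
        return "truncated"      # TC bit set: the client is expected to retry over TCP
    if flags & 0x000F:
        return "rcode-%d" % (flags & 0x000F)
    return "large-ok" if len(data) > 512 else "small-ok"

def probe(server, name, qtype=16, edns_size=4096, timeout=3.0):
    """Send one query over UDP to `server` (address chosen by the caller) and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qtype, edns_size), (server, 53))
        data, _ = sock.recvfrom(65535)
    except socket.timeout:
        data = None
    finally:
        sock.close()
    return classify_response(data)

if __name__ == "__main__":
    # Constructed sample answers (not captured traffic): header flags plus padding.
    big = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x00" * 600
    cut = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    print(classify_response(big), classify_response(cut), classify_response(None))
```

A name that returns "small-ok" without EDNS but "timeout" with it, while the same query succeeds from outside the firewall, points at the packet-size filter rather than at the resolver.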