I had it set as:

  policy-map global_policy
   class inspection_default
    inspect dns maximum-length 4096

Which is what Cisco recommends. EDNS tests worked fine, but the BIND
servers would still get backed up.
On Wed, Mar 26, 2014 at 7:35 AM, Thom, Paul E <[email protected]> wrote:
> Do you have the FWSM DNS inspection configured to support EDNS? Not
> sure if I have seen ASA / PIX code causing that problem when EDNS support
> was not configured on the firewalls but it's something to look at.
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Jason Brandt
> *Sent:* March-26-14 9:09 AM
> *To:* Sam Wilson
> *Cc:* [email protected]
> *Subject:* Re: High recursive client counts
>
> The code on our FWSMs isn't the latest release, so that could be part of
> the issue, but it's been about 16 hours now since I shut it off, and so far
> so good. I would say though with the other load on our firewalls, it's
> highly possible that they were being overloaded. Unfortunately our MRTG
> isn't set up to track firewall CPU, so I can't say for sure.
>
> Thanks,
> Jason
>
> --
> Jason K. Brandt
> Systems Administrator
--
Jason K. Brandt
Systems Administrator
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users