PIX drops DNS packets larger than 512 bytes

rscotti
Level 1

After a recent PIX upgrade to 6.3(3), syslog messages indicate the PIX is dropping DNS packets larger than 512 bytes. Research found a Cisco bug ID CSCds58726 and Microsoft Knowledge Base article KB828263. Apparently, Win2003 servers use the newer RFC "EDNS0" which allows for larger than 512 byte DNS packets. There is a registry tweak to disable this on the Microsoft side. Is there any workaround for support of the larger DNS packet sizes? Can I disable the inspection of these packets? Has anyone else experienced this?


sstudsdahl
Level 4

You should be able to disable the DNS fixup protocol to solve this issue. You can also increase the maximum size of the DNS packet allowed within the DNS fixup protocol. Here is the command that you need to look at for this.

[no] fixup protocol dns [maximum-length length]

Steve
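As an added illustration, not part of the original thread or of any Cisco or Microsoft code: the EDNS0 mechanism behind the drops is a pseudo-record (type 41, "OPT") in the additional section whose CLASS field carries the UDP payload size the sender is willing to accept. The script below builds such a query, reads the advertised size back out of a DNS datagram, and checks a datagram against the fixup's maximum-length so an operator can see why a default 512-byte setting drops the larger replies; the hostname and the 4096-byte advertisement are constructed sample values.

```python
import struct

DNS_TYPE_OPT = 41         # EDNS0 OPT pseudo-RR (RFC 2671)
CLASSIC_UDP_LIMIT = 512   # RFC 1035 UDP ceiling; the fixup's default maximum-length


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname into DNS label format."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_edns0_query(name: str, udp_payload: int, txid: int = 0x1234) -> bytes:
    """UDP DNS query for an A record plus an OPT RR advertising udp_payload."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 Q, 1 AR
    question = encode_name(name) + struct.pack(">HH", 1, 1)     # QTYPE A, QCLASS IN
    # OPT RR: root name, TYPE 41, CLASS = payload size, TTL = ext flags, RDLEN 0
    opt = b"\x00" + struct.pack(">HHIH", DNS_TYPE_OPT, udp_payload, 0, 0)
    return header + question + opt


def skip_name(pkt: bytes, pos: int) -> int:
    """Offset just past a (possibly compressed) name starting at pos."""
    while True:
        length = pkt[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length


def advertised_udp_size(pkt: bytes):
    """UDP payload size from the OPT RR of a DNS message, or None if absent."""
    qd, an, ns, ar = struct.unpack(">HHHH", pkt[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(pkt, pos) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(pkt, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == DNS_TYPE_OPT:
            return rclass                        # CLASS doubles as payload size
    return None


def exceeds_fixup_limit(pkt: bytes, maximum_length: int = CLASSIC_UDP_LIMIT) -> bool:
    """True when the datagram is larger than the fixup's configured maximum-length."""
    return len(pkt) > maximum_length
```

A resolver that advertises 4096 bytes will receive replies up to that size, so the fixup's maximum-length needs to match the advertisement rather than the 40-byte query itself.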
