Our network team are quite reluctant to make any changes on the FWSM with regard to DNS inspection. So it seems that we are stuck with a maximum UDP packet of 512 bytes.
Unfortunately, I do not have much evidence (i.e. user complaints) to escalate this issue much further, except from a small number of users who are *intermittently* unable to access www.paypal.com. The term "intermittently" is the main keyword, and because of that the fingers are now pointing back at the DNS server.

I believe that increasing the maximum limit or disabling inspection will fix the issue, but I will need to gather sufficient cases and a compelling report.

- Does anyone have a good example of a prominent website that has DNSSEC set up properly, other than paypal?
- Any example of DNS records that send packets larger than 512?
- Any other information I can use to help create the report?

As a workaround I can possibly set the EDNS UDP size to match the firewall limit, but I think this is my last option.

Any help is greatly appreciated!

Regards,
Rianto Wahyudi
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
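
An added example, not part of the original post: a small Python probe for collecting evidence about replies that exceed the 512-byte limit described above. It builds an EDNS0 query with the DNSSEC OK bit set and classifies each raw UDP reply by size and truncation flag. The function names, the 4096-byte advertised size and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

TC_FLAG = 0x0200   # "truncated" bit in the DNS header flags
DO_FLAG = 0x8000   # "DNSSEC OK" bit in the OPT record's TTL field

def build_query(name, qtype=1, edns_size=4096, dnssec_ok=True, txid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT record (RFC 6891)."""
    # Header: id, flags (RD set), 1 question, 0 answers, 0 authority, 1 additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT: root name, type 41, class = advertised UDP size, TTL holds the DO bit.
    ttl = DO_FLAG if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, ttl, 0)
    return header + question + opt

def classify(response, limit=512):
    """Return (size, truncated, verdict) for one raw UDP DNS response."""
    flags = struct.unpack("!H", response[2:4])[0]
    truncated = bool(flags & TC_FLAG)
    if len(response) > limit:
        verdict = "exceeds limit"
    elif truncated:
        verdict = "truncated, needs TCP retry"
    else:
        verdict = "fits"
    return len(response), truncated, verdict

def probe(server, name, qtype=1, timeout=3.0):
    """Send one EDNS0 query over UDP; a timeout is reported, not raised."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            return classify(s.recv(65535))
        except socket.timeout:
            return 0, False, "no reply (possibly dropped in transit)"

# Constructed sample replies: only the header flags and total length matter here.
SAMPLES = {
    "small": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x00" * 100,
    "large": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 1) + b"\x00" * 900,
    "tc": struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 1) + b"\x00" * 30,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

Running `probe()` from a host on each side of the firewall against the same server and name, and logging the results with timestamps, gives a side-by-side record for the report.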