Hi all,

Has anybody had experience of Pix (525) dropping DNS requests at random after upgrade to 5.2(3) from 4.4(5)? Gone back to 4.4(5) with same config and all OK.

Bug navigator provided the following:

Bug Id: CSCds58726
UDP packets with destination port 53, DNS packets, will be dropped by the PIX if the packet size is more than 512 bytes. This is a design specification.

The only reference I have been able to find at Cisco is:

DNS: PIX Firewall drops DNS packets sent to UDP port 53 that have a packet size larger than 512 bytes.

(Can't find out why, other than some vague references to anti-spoofing for DNS responses on the Checkpoint site.)

Putting a sniffer on my dial-up connection, it seems that my DNS requests are always 73 bytes, but that the DNS replies vary greatly (I managed to get from 83 to 507 bytes).

Can anybody provide any information? Is this size limitation likely to be causing any problems? Why is it there? Is there a max size for DNS replies, or is it just based on MTU size?

Thanks,
Gareth

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
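The 512-byte figure in the bug note is the UDP message limit from RFC 1035 section 2.3.4: a server whose answer would exceed it is supposed to cut the answer section short and set the TC (truncated) flag so the client retries over TCP, which is why reply sizes grow with the number of records returned while a query for one name stays a constant size. The script below is an added example written for this page, not code from the original post or from Cisco; it builds A-record responses with Python's standard library, truncates them the way a compliant server does, and applies the drop rule the bug note describes (UDP payload over 512 bytes). The name example.com, the 192.0.2.0/24 addresses and the transaction ID are constructed test data. Lengths here are DNS message (UDP payload) lengths; a sniffer showing frame sizes will add the link, IP and UDP headers on top.

```python
import struct

DNS_UDP_MAX = 512      # RFC 1035 s.2.3.4: UDP DNS messages are limited to 512 bytes
FLAG_QR = 0x8000       # message is a response
FLAG_AA = 0x0400       # authoritative answer
FLAG_TC = 0x0200       # answer was truncated; client should retry over TCP
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted name as DNS labels: 'example.com' -> b'\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def a_record(ip, ttl=300):
    """One A RR (16 bytes) whose owner name is a compression pointer to the
    question name, which always starts at offset 12 (right after the header)."""
    rdata = bytes(int(octet) for octet in ip.split("."))
    return struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4) + rdata


def build_response(qname, addresses, txid=0x1234, max_size=DNS_UDP_MAX):
    """Build a UDP DNS response for an A query.

    Records are added until the next one would push the message past
    max_size; the rest are dropped and TC is set, as a compliant server
    does.  max_size=None models a server that never truncates, producing
    the oversized payloads a 512-byte filter would discard.
    """
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    records = [a_record(ip) for ip in addresses]
    size = 12 + len(question)           # fixed header + question section
    kept = []
    for rr in records:
        if max_size is not None and size + len(rr) > max_size:
            break
        kept.append(rr)
        size += len(rr)
    flags = FLAG_QR | FLAG_AA
    if len(kept) < len(records):
        flags |= FLAG_TC
    # header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, flags, 1, len(kept), 0, 0)
    return header + question + b"".join(kept)


def parse_header(msg):
    """Return the fields a filter or resolver would look at first."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & FLAG_TC), "ancount": an, "size": len(msg)}


def pix_would_drop(msg):
    """The rule from the bug note: any UDP/53 payload over 512 bytes is dropped."""
    return len(msg) > DNS_UDP_MAX


if __name__ == "__main__":
    # Constructed sample data: 31 addresses in the documentation range 192.0.2.0/24.
    addrs = ["192.0.2.%d" % i for i in range(1, 32)]
    for n in (1, 30, 31):
        compliant = build_response("example.com", addrs[:n])
        print(n, "records, truncating server:", parse_header(compliant),
              "dropped by 512-byte rule:", pix_would_drop(compliant))
    oversized = build_response("example.com", addrs, max_size=None)
    print("31 records, non-truncating server:", parse_header(oversized),
          "dropped by 512-byte rule:", pix_would_drop(oversized))
```

For example.com the header plus question is 29 bytes and each A record 16, so 30 addresses fit in 509 bytes while a 31st would need 525: the truncating server returns 30 records with TC set and passes the 512-byte rule, whereas a server that sends all 31 in one UDP datagram is discarded by it, and the client never sees a TC flag telling it to fall back to TCP. Responses that legitimately exceed 512 bytes over UDP only arrive from servers using the EDNS0 extension (RFC 2671), which negotiates a larger UDP payload size in an OPT record.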

