Hi list,

I'm currently migrating our DNS server to the new BIND releases due to the Kaminsky vulnerability, but I'm hitting a rock because of the disabling of the EDNS protocol. To test this I first disabled the firewall in pfSense and in the OS, but BIND is still not able to work with the EDNS protocol. The guys at ISC told me this:

"'disabling EDNS' is issued when named experiences too many timeouts to EDNS queries and named decides to give up on EDNS and revert to plain old DNS. Now timeouts can be the result of many things: broken nameservers that don't respond to EDNS queries; firewalls that block EDNS queries; firewalls that block fragmented responses; firewalls/NATs that don't handle out-of-order fragments."

So, my questions are: does pfSense handle fragmented responses well? Does pfSense handle out-of-order fragments well?

I will send a capture I did on the DMZ interface where I can see that plain old DNS queries work OK, but EDNS fails with a port unreachable when using high UDP ports.

Any ideas?
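As an added example (not part of the original post, and not code from BIND, ISC or pfSense), here is a small Python probe that sends the same query twice, once as plain DNS and once with an EDNS0 OPT record advertising a large UDP payload, and reports which of the two times out or comes back with a port unreachable. That is exactly the distinction the ISC explanation turns on: if plain DNS answers and the EDNS query does not, something between the resolver and the authoritative server is dropping OPT queries or the fragmented replies they provoke. The resolver address, the query name and the 4096-byte buffer size are assumptions to adjust for your own network.

```python
"""Probe a DNS server with and without EDNS0 to see which path fails.

Added diagnostic example; assumes a reachable resolver on UDP/53. The OPT
record layout follows RFC 6891: root name, TYPE 41, CLASS = UDP payload size.
"""
import random
import socket
import struct
import sys

OPT_TYPE = 41


def build_query(qname, qtype=1, edns_bufsize=None, txid=None):
    """Return a raw DNS query; add an OPT pseudo-record when edns_bufsize is set."""
    txid = random.randrange(65536) if txid is None else txid
    flags = 0x0100  # RD set, everything else clear
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN
    if edns_bufsize:
        # OPT RR: empty name, TYPE=41, CLASS=payload size, TTL=0 (no ext rcode/DO), RDLEN=0
        question += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, 0, 0)
    return header + question


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(data):
    """Parse the header and walk all RRs; report rcode, TC bit and the server's EDNS size."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE/QCLASS
    edns_size = None
    for _ in range(an + ns + ar):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            edns_size = rclass  # CLASS field of OPT carries the advertised UDP size
    return {"txid": txid, "rcode": flags & 0xF, "tc": bool(flags & 0x0200),
            "edns_size": edns_size, "answers": an}


def probe(resolver, qname, edns_bufsize=None, timeout=3.0, port=53):
    """Send one UDP query; return ("ok", parsed) or ("timeout"/"refused", None)."""
    query = build_query(qname, edns_bufsize=edns_bufsize)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver, port))  # connected socket so ICMP port unreachable surfaces
        s.send(query)
        try:
            data = s.recv(65535)
        except socket.timeout:
            return "timeout", None
        except ConnectionRefusedError:
            return "refused", None  # ICMP port unreachable, as seen in the post's capture
    resp = parse_response(data)
    if resp["txid"] != txid:
        return "timeout", None  # stray datagram; treat as no valid answer
    resp["wire_len"] = len(data)
    return "ok", resp


def diagnose(resolver, qname="example.com", bufsize=4096):
    """Compare plain and EDNS results and name the likely cause in one line."""
    plain_st, _ = probe(resolver, qname)
    edns_st, edns = probe(resolver, qname, edns_bufsize=bufsize)
    if plain_st == "ok" and edns_st != "ok":
        return f"plain DNS ok, EDNS {edns_st}: suspect firewall/NAT dropping OPT queries or fragments"
    if plain_st == "ok" and edns_st == "ok" and edns["edns_size"] is None:
        return "server answers but ignores EDNS (no OPT in reply): broken or old nameserver"
    if plain_st != "ok":
        return f"plain DNS {plain_st}: server unreachable or UDP/53 blocked"
    return f"both paths ok; server advertises EDNS size {edns['edns_size']}, {edns['wire_len']} bytes on the wire"


if __name__ == "__main__":
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it against the resolver behind pfSense and then against the same resolver with the firewall bypassed; a result that changes from "EDNS timeout" to "both paths ok" points at the firewall's handling of large or fragmented UDP replies rather than at named itself. The packet builder and parser are deliberately written from scratch so the probe can run on a bare host with no DNS library installed.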
