greetings,

I have been noticing my firewall denying UDP packets that exceed 512.
What is the correct packet size, and should I make any adjustments on
either the DNS side or the firewall?

sample firewall log:
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 523
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 557
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 523
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 557
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:35 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 519
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:38 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 573
bytes exceeds configured limit of 512 bytes

thanks for any insight

-jeff
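
An added example, not part of the original post: a Python sketch that parses `%PIX-4-410001` entries in the form shown in the log above, rejoining the lines the mail client wrapped, and summarizes per server/client pair how many DNS replies were dropped and the size range seen. The sample input is three entries copied from the post; the function names `parse_drops` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Three of the wrapped log entries from the post above, as they appear in the mail.
SAMPLE = """\
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 523
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:33 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 557
bytes exceeds configured limit of 512 bytes
Oct 9 09:46:38 192.168.1.2 %PIX-4-410001: Dropped UDP DNS reply from
outside:209.1.1.2/53 to inside:209.96.10.100/53661; packet length 573
bytes exceeds configured limit of 512 bytes
"""

# Pattern follows the message text exactly as it appears in the post.
ENTRY = re.compile(
    r"%PIX-4-410001: Dropped UDP DNS (?P<kind>\w+) from "
    r"(?P<src_if>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+); "
    r"packet length (?P<length>\d+) bytes exceeds configured limit of "
    r"(?P<limit>\d+) bytes"
)

def parse_drops(text):
    """Yield one dict per 410001 entry, tolerating entries wrapped across lines."""
    flat = " ".join(text.split())  # collapse newlines so wrapped entries match
    for m in ENTRY.finditer(flat):
        d = m.groupdict()
        for key in ("sport", "dport", "length", "limit"):
            d[key] = int(d[key])
        yield d

def summarize(text):
    """Per (server, client) pair: drop count, size range, configured limit."""
    stats = defaultdict(lambda: {"count": 0, "min": None, "max": 0, "limit": None})
    for d in parse_drops(text):
        s = stats[(d["src"], d["dst"])]
        s["count"] += 1
        s["min"] = d["length"] if s["min"] is None else min(s["min"], d["length"])
        s["max"] = max(s["max"], d["length"])
        s["limit"] = d["limit"]
    return dict(stats)

if __name__ == "__main__":
    for (src, dst), s in summarize(SAMPLE).items():
        print(f"{src} -> {dst}: {s['count']} drops, "
              f"{s['min']}-{s['max']} bytes, limit {s['limit']}")
```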