nuqneH,

Well, mine does cache/proxy, so there is no packet size restriction
per se.

On Tue, Aug 29, 2006 at 03:13:34PM -0400, Dave Piscitello wrote:
> Hi all,
>
> I am trying to understand how different firewalls behave when they
> receive a UDP datagram containing a DNS message that uses EDNS0 (RFC
> 2671) to support message sizes greater than the 512 maximum specified in
> RFC 1035 (original DNS).
>
> Specifically,
>
> - does your firewall block/silently discard such messages by default?
> - do you know the command to allow the message if blocked by default?
>
> I've found dozens of claims that firewalls don't handle EDNS0 correctly,
> but after a long search, I've only found URLs indicating that Firewall-1
> and Pix block by default and have workarounds.
>
> I'm curious whether SonicWall, Netscreen, Symantec, etc. behave
> similarly. I'd also be curious to learn the behavior of IPS devices and
> DNS proxies (Watchguard, WinProxy, etc).



_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
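
An added example, not part of the original thread: a minimal Python check for what the question turns on, namely whether a DNS message carries an EDNS0 OPT record, what UDP payload size it advertises, and whether the message itself is over the 512-byte RFC 1035 limit. The names `build_message` and `edns_info` are hypothetical, and the sample messages are constructed.

```python
import struct

RFC1035_UDP_LIMIT = 512  # bytes: maximum DNS-over-UDP message size in RFC 1035
TYPE_OPT = 41            # EDNS0 OPT pseudo-RR type code


def build_message(name, edns_size=None, txt_len=0):
    """Constructed sample DNS message: one question, an optional TXT answer of
    txt_len bytes of filler rdata, and an optional EDNS0 OPT record."""
    counts = (1, 1 if txt_len else 0, 0, 1 if edns_size else 0)
    flags = 0x8180 if txt_len else 0x0100  # response vs. recursive query
    msg = struct.pack("!HHHHHH", 0x1234, flags, *counts)
    for label in name.strip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN
    if txt_len:
        # Owner name is a compression pointer back to the question at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 0, txt_len) + b"x" * txt_len
    if edns_size:
        # OPT: root owner name, CLASS carries the sender's UDP payload size.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)
    return msg


def _skip_name(msg, off):
    """Return the offset just past a domain name (labels or pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def edns_info(msg):
    """Return (has_opt, advertised_udp_size, exceeds_512) for a raw message."""
    try:
        _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        off, advertised = 12, None
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == TYPE_OPT:
                advertised = rclass
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed DNS message") from exc
    return advertised is not None, advertised, len(msg) > RFC1035_UDP_LIMIT
```

A response that returns `(True, 4096, True)` here is the case a fixed 512-byte DNS length check on a firewall would drop.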