10 Jan
2005
10 Jan
'05
8:29 a.m.
On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <Mark_Andrews@isc.org> wrote:
I receive DNS responses > 500 bytes every day (reported by PIX firewall). So it is an issue, no matter wgat is recomended in RFC.
The correct thing to do is to fix your firewall to handle the EDNS responses.
It is a cisco pix, right? Maybe just replacing the thing with a 1U openbsd box will work wonders. -- Suresh Ramasubramanian (ops.lists@gmail.com)