[ previous ] [ next ] [ threads ]
 
 From:  rh at ffpx dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: Re: [m0n0wall] DNS-Resolver doesn't support middle-size and big TXT-Rules!?
 Date:  Thu, 07 Jul 2011 10:56:06 +0200 
Hi Mat,

thanks a lot for Your reply. But I have no CISCO FW I have m0n0wall  
and this is the only gateway between my linux and windows machineswhat  
could disturb the traffic - however I dont guess, that my provider  
Kabel-BW should have there asome responsability. - But please what  
means ids? would this be m0n0-relevant?

Ralf


Hi Ralf

I had this problem runnning a DNS server with windows 2003 and a Cisco pix
firewall. I had to make a change on the ids as the pix treated the packets
as bad/malicious. Hope that helps you

Mat.

Sent from my Android phone
On Jul 6, 2011 10:24 PM, <rh at ffpx dot de> wrote:
> Hi again and excuses -
>
> because I made some english mistakes able to misunderstand the
> problem. This seems to be in the length of TXT-Records for
> DNS-Resolving.
>
> I didnt change anything what would concern these records... - How is
> this problem to evaluate?
>
> Does anybody has any hint?
>
> Thanks a lot in advance
>
> Ralf
>>
>> yesterday I made a new netanalyzer Test wich is available for free at:
>> http://netalyzr.icsi.berkeley.edu/index.html
>>
>> with the following results:
>>
>> Your DNS-Resolver is not able to receive big DNS-Replys even with
>> activated EDNS.
>>
>> The DNS-Resolver doesnt support the following request-types:
>>
>> + middle-size (~1300B) TXT-RECORDS
>> + big-size (~3000B) TXT-RECORDS
>>
>> ##############################################
>>
>> Ihr DNS-Resolver kann keine großen (>1500 Byte) DNS-Rückmeldungen
>> erfolgreich empfangen, obwohl EDNS aktiviert sein soll.
>>
>>
>> Der Resolver 192.168.1.10 unterstützt die folgenden Anfragetypen nicht:
>>
>> * Mittelgroße (~1300B) TXT-Einträge
>> * Große (~3000B) TXT-Einträge
>>
>> Er validiert DNSSEC. Er lässt NXDOMAIN-Fehlermeldungen unverändert.
>> Der Resolver besitzt die folgenden Eigenschaften:
>>
>> * Rechnername: ka-dns-res-01
>> * Version: dnsmasq-2.45
>> * Authoren: Simon Kelley
>> * Lizenzrechte: Copyright (C) 2000-2008 Simon Kelley
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>
>
> ----- Ende der Nachricht von rh at ffpx dot de -----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>


----- Ende der weitergeleiteten Nachricht -----