04. June 2013 · DNS dropped because packets too big for configured 512? · Categories: Cisco


You can safely increase the maximum DNS packet length to 1500; 512 is the default.

fixup protocol dns maximum-length 1500

Background on fixup protocol dns

Use the fixup protocol dns command to specify the maximum DNS packet length. DNS requires application inspection so that DNS queries are not subject to the generic UDP handling based on activity timeouts. Instead, UDP connections associated with DNS queries and responses are torn down as soon as a reply to a DNS query has been received.

The port assignment for the Domain Name System (DNS) is not configurable.

Set the maximum length for the DNS fixup as shown in the following example:

pixfirewall(config)# fixup protocol dns maximum-length 1500

pixfirewall(config)# show fixup protocol dns

fixup protocol dns maximum length 1500
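As an added illustration (not part of the original post or of Cisco's documentation), the script below constructs a DNS response of realistic size, reads the EDNS0 OPT record's advertised UDP payload size, and reports whether the inspection would pass or drop the message at the default 512 bytes versus 1500. The function names are mine, the packet data is constructed, and the "drop" decision is a simplified model of the length check rather than PIX code.

```python
import struct

PIX_DEFAULT_MAX = 512  # default "fixup protocol dns maximum-length" on the PIX

def _encode_name(name):
    """Encode a dotted hostname into DNS label wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def _skip_name(msg, off):
    """Advance past a wire-format name (labels, or a 2-byte compression pointer)."""
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            return off + 2
        off += 1 + ln
        if ln == 0:
            return off

def build_dns_response(qname, addresses, edns_udp_size=None):
    """Constructed DNS response with one A record per address (sample data, not a
    capture). An optional EDNS0 OPT record advertises the resolver's UDP buffer."""
    arcount = 1 if edns_udp_size else 0
    # id, flags 0x8180 (response, RD, RA), qdcount, ancount, nscount, arcount
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addresses), 0, arcount)
    msg += _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    for ip in addresses:
        rdata = bytes(int(o) for o in ip.split("."))
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # ptr to qname
    if edns_udp_size:
        # OPT pseudo-RR: root name, TYPE 41, CLASS field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg

def advertised_udp_size(msg):
    """Return the EDNS0 OPT record's advertised UDP payload size, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass
        off += 10 + rdlen
    return None

def fixup_verdict(msg, max_length=PIX_DEFAULT_MAX):
    """'pass' or 'drop' for a UDP DNS message under the configured maximum-length."""
    return "pass" if len(msg) <= max_length else "drop"
```

A 40-answer reply with an OPT record comes to 680 bytes, so it is dropped at the default 512 and passes once maximum-length is raised to 1500.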