Jai_Kishore
New Member
March 29, 2012
Question

DNS Packet size

  • March 29, 2012
  • 4 replies
  • 4043 views
Dear all, I have two Cisco ASA firewalls in my internal network in cluster mode, which are configured with a DNS packet size of 512 bytes. I am getting thousands of requests with larger-size DNS packets, which my ASA firewall is dropping, and I am getting a log for every drop, so my log server is filling up with these messages. I have a Fortigate firewall 620B in cluster mode (with IPS, AV and application control enabled) at the external side of my network, where I have configured all the policies. Now I want to stop the larger-size DNS packets at my external firewall side, so I won't get these packets to my internal firewall. Is there any way to do this in the Fortigate firewall? Regards, Jai Kishore FCNSA

    4 replies

    seadave
    New Member
    March 30, 2012
    I assume you are running an Active Directory network? You might want to check into the EDNS0 issue. http://support.microsoft.com/kb/832223
    Jai_Kishore
    New Member
    April 5, 2012
    Dear dfollis, Thanks for your reply. I am using a Linux server for DNS.
    Jai_Kishore
    New Member
    April 9, 2012
    Dear Guys, Any suggestions, please.
    ede_pfau
    SuperUser
    April 9, 2012
    Two thoughts:
    1 - Apply Application Control to the WAN interface and select a category with DNS. I haven't checked that (as we have holidays here) but it might be available.
    2 - Construct an IPS custom signature for oversized packets and apply it to a DNS-only policy. Details for hand-crafting IPS signatures might be included in the KB or the FortiOS Handbook.
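As an added diagnostic example (not code from this thread or from Fortinet), this Python snippet parses a raw DNS message to report its size against the 512-byte limit the ASA enforces and to extract the UDP payload size advertised by an EDNS0 OPT record, which is the EDNS0 behaviour seadave's link points at. The sample messages are constructed inline, not captured traffic.

```python
import struct

DNS_CLASSIC_MAX = 512  # RFC 1035 limit for DNS over UDP without EDNS0
OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if (length & 0xC0) == 0xC0:     # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def inspect_dns(msg):
    """Summarise a raw DNS message: its size, whether it exceeds 512 bytes,
    and the UDP payload size advertised in an EDNS0 OPT record (None if absent)."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qdcount):            # question section: QNAME + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    edns_size = None
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:           # in an OPT RR the CLASS field carries the UDP size
            edns_size = rclass
        off += 10 + rdlen               # skip RDATA without parsing it
    return {"size": len(msg),
            "oversized": len(msg) > DNS_CLASSIC_MAX,
            "edns0_udp_size": edns_size}

def build_message(name, edns_udp_size=None, txt_rdata=b""):
    """Constructed sample message (hypothetical traffic, not captured data):
    an A query, or a TXT response when txt_rdata is given, optionally carrying
    an EDNS0 OPT record in the additional section."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    ancount, arcount = (1 if txt_rdata else 0), (1 if edns_udp_size else 0)
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 if txt_rdata else 0x0100, 1, ancount, 0, arcount)
    msg += qname + struct.pack("!HH", 16 if txt_rdata else 1, 1)
    if txt_rdata:   # answer: pointer to QNAME at offset 12, TYPE TXT, CLASS IN, TTL, RDLENGTH
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(txt_rdata)) + txt_rdata
    if edns_udp_size:   # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return msg
```

Running inspect_dns over the UDP payloads from a capture taken at the Fortigate shows whether the dropped packets are EDNS0 responses and what size the resolver is advertising, which is the information needed before deciding on a size-based IPS signature.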