With Extension Mechanisms for DNS (EDNS0) as defined in RFC 2671, "Extension Mechanisms for DNS (EDNS0)," DNS requestors can advertise UDP packet size and transfer packets larger than 512 bytes. By default, some firewalls have security features turned on that block UDP packets that are larger than 512 bytes. As a result, DNS queries may fail. -----Original Message----- From: Dario [mailto:[EMAIL PROTECTED] Sent: Sunday, March 13, 2005 9:47 AM To: xmail@xmailserver.org Subject: [xmail] R: Re: Problems with hotmail.com
That should be in RFC 2671... Dario -----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di Tracy Inviato: domenica 13 marzo 2005 14.43 A: xmail@xmailserver.org Oggetto: [xmail] Re: Problems with hotmail.com At 00:09 3/13/2005, Kroll, David wrote: >This is a Win2003 DNS issue. >Some mailservers behind firewalls which do not allow transfer of UDP packets >larger than 512 bytes may not be able to return the MX record > >If your firewall restricts UDP packet transfers though, you may want to >verify that it will allow transfer of a MX record within the size >limitations specified by RFC1035: > >http://www.faqs.org/rfcs/rfc1035.html > >Windows 2003 server has included Extension Mechanisms for DNS (EDNS0) to >allow larger packets. If you run this command on a 2003 server: "dnscmd >Server Name/Config /EnableEDnsProbes 0", it fixes it without making any >changes to the firewall. OK, did I miss something, or have UDP-based DNS messages been changed since the last time I looked? <checks RFC1035> Nope... Still a 512 octet message length (section 2.3.4). Any UDP-based DNS message longer than that is not RFC compliant, and (IMHO) should be blocked. That's why there's a method to fall back to TCP when there's more data to be returned than will fit in a 512 octet message.... If there's an RFC that allows larger packets in UDP, could you reference it please? - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] -- Binary/unsupported file stripped by Ecartis -- -- Type: application/x-pkcs7-signature -- File: smime.p7s - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
