lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <019301c315ac$085aea40$3264a8c0@local>
From: hggdh at attbi.com (hggdh)
Subject: Fw: [NTBUGTRAQ] Win 2003 DNS requests makes replies over 512 byte PIX limit

I am sorry I did not explain myself here -- my fault. Apologies to Mathias,
Peter, and Ron.

Indeed almost all name server in use will use TCP for larger replies. They
probably did not get any responses because, as a lot of people out there,
they only allow UDP for DNS.

But Windows 2003 implements EDNS0 (RFC2671), which allows for UDP payloads
larger than 512 bytes...

The actual point/thing I am curious about is on the WIndows 2003 DNS
behaviour (I cannot test it right now) -- why would it start requesting a
truckload of info (as compared to WIndows 2000 DNS)?

In fact, WHAT is it it is requesting?

I plan on setting a 2003 test box as a name server, and I will look at it;
but, with people jumping in W2003, and using it as their name server, this
might become a hurdle.

Cheers,

..hggdh..


----- Original Message ----- 
From: "Mathias Gerber" <mathias@...ergga.ch>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, May 08, 2003 15:36
Subject: Re: [Full-Disclosure] Fw: [NTBUGTRAQ] Win 2003 DNS requests makes
replies over 512 byte PIX limit


> Hello hggdh,
> On Thu, 8 May 2003 12:09:22 -0500 you wrote:
> > FYI. Any ideas?
> > > We are running the latest version (6.3.1) on our Cisco PIX and it
> > > appears that there is hard limit of 512 bytes on ANY UDP packets
> > > arriving on port 53.  Everything exceeding that is dropped.
> AFAIK the DNS uses TCP for larger replys.
> -- 
> mathias
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ