Win2003 DNS problems with big response

My dear friend Simone drew my attention to this issue with Windows 2003 DNS.

Starting with Windows 2003, Microsoft implements the Extension Mechanisms for DNS (EDNS0) described in RFC 2671; basically, it allows a DNS server to handle query responses bigger than 512 bytes.

While this in itself is not problematic, some firewalls do not allow UDP packets larger than 512 bytes. For example, querying the MX record of yahoo.com or libero.it generates a large answer that such firewalls usually filter.

If you are not able to modify your firewall rules, the following Microsoft article (KB 832223) explains how to work around this problem by disabling the EDNS0 feature.

About author

Vittorio Pavesi