udp packets and ftp.nai.com

[Blake]

Because our PIX will not support large UDP packets, I have applied the
stanard fix:

dnscmd /Config /EnableEDnsProbes 0

However, now I cannot resolve ftp.nai.com.

In my cached zone, there is an FTP zone beneath the NAI zone.

The FTP.NAI.COM zone has no A records, just 2 NS records. Anybody seen this
behavior??

Blake

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Because our PIX will not support large UDP packets, I
have applied the stanard fix:

dnscmd /Config /EnableEDnsProbes 0

However, now I cannot resolve ftp.nai.com.

In my cached zone, there is an FTP zone beneath the NAI
zone.

The FTP.NAI.COM zone has no A records, just 2 NS records.
Anybody seen this behavior??

QUESTION SECTION:
ftp.nai.com. IN A

ANSWER SECTION:
ftp.nai.com. 15 IN CNAME ftp.nai.speedera.net.
ftp.nai.speedera.net. 59 IN A 63.209.221.236
ftp.nai.speedera.net. 59 IN A 208.254.18.148

Query time: 290 ms
Server : 192.168.0.2:53 udp (192.168.0.2)
When : 11/4/2004 11:11:49 AM
Size rcvd : 95

 

[ObiWan]

Because our PIX will not support large UDP packets,

I have applied the stanard fix:

dnscmd /Config /EnableEDnsProbes 0

hm ... not sure, but if I recall it correctly the above
should just tell to the DNS to avoid checking ext
servers for EDNS support; this in turn means that
query answers not fitting a single (standard) UDP
packet will be retried using TCP .. does your PIX
allow DNS traffic on TCP ?


--

* ObiWan

Microsoft MVP: Windows Server - Networking

http://www.microsoft.com/communities/MVP/MVP.mspx
http://mvp.support.microsoft.com

 

[Blake]

It works fine for other look ups. Just not this host.

These servers/configs have been in place for a couple years.

 

[Blake]

So NAI is aliasing the FTP host via a CNAME?

I assume MS DNS (2k3) can handle that OK??

Blake

 

[Blake]

Something has changed on NAI's DNS info - this is working now, they have an
A record in the ftp.nai.com zone

Thanks

Blake

 

[Kevin D. Goodknecht Sr. [MVP]]

In

So NAI is aliasing the FTP host via a CNAME?

I assume MS DNS (2k3) can handle that OK??

Yes, it can.

I think the problem is in your PIX firewall, I'd fix that. I know you said
you disabled EDNS, when you ran the command did it apply successfully? That,
is the recommended fix.

 

[Deji Akomolafe]

I told you this morning that this was NOT "your problem" to fix.

--


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Jonathan de Boyne Pollard]

Because our PIX will not support large UDP packets, I have applied the stanard fix:



No you haven't.  You've applied the local fix, not the service fix.


However, now I cannot resolve ftp.nai.com.



The owners of nai.com. are publishing mutually-contradictory data at the moment.  This is not your problem.

 

[C L]

I had the exact same problem, and here is what fixed it for me:

Microsoft KB article 873430 describes the problem and the hotfix that
is available. I called Microsoft, and they emailed me the hotfix
immediately, and it solved the problem. I can now resolve
ftp.nai.com.