Skip to main content

Cisco ASA 5505 and EDNS issue

resolution: update your running config on your firewall. See below

issue:
I changed my primary internal DNS to run on a RHEL 6.2 system. After that there were noticeable lags occasionally when I would browse.  Upon review of the syslog I noticed messages like the following;

Jan 31 22:44:41 zion named[26381]: success resolving 'p03-bookmarks.icloud.com/A' (in 'icloud.com'?) after reducing the advertised EDNS UDP packet size to 512 octets

I happen to use a Cisco ASA 5505 and I did some digging around.

firewall(config)# show run | grep mess
  message-length maximum 512

So - it turns out the value is set as part of a policy-map.  Let's tune it.


firewall(config)# policy-map type inspect dns preset_dns_map
firewall(config-pmap)# parameters
firewall(config-pmap-p)# no message-length maximum 512
firewall(config-pmap-p)# message-length maximum 4096
firewall(config-pmap-p)# 
firewall(config-pmap-p)# write mem
Building configuration...
Cryptochecksum: 3a1cdf20 91ce7d1e d8b188fc 1ac006fb 


4215 bytes copied in 1.420 secs (4215 bytes/sec)
[OK]
firewall(config-pmap-p)# 

Everything is better... now I just get these errors (and nothing on my side will fix this issue)
Jan 31 22:46:30 zion named[26381]: error (network unreachable) resolving 'thumbnail.newsinc.com/A/IN': 2001:500:90:1::18#53


Labels:

Comments

Post a Comment

Popular posts from this blog

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin
Post a Comment
Read more

Install RHEL 7 on old HP DL380 g5

Someone at work had been running RHEL on an HP DL380 G5 and blew it up.  After several attempts at doing an installation that made me conclude the hardware was actually bad... I kept digging for the answer. Attempt install and Anaconda could not find any disks - try a Drivers Disk (dd.img) both cciss and hpsa.   -- once we did that, when the system would reboot it would say it could not find a disk. hmmm. Boot from your installation media and interrupt the startup at grub. Add hpsa.hpsa_allow_any=1 hpsa.hpsa_simple_mode=1 to the line starting with linuxefi press CTRL-X to boot. Once the system restarts after the install, you need to once again interrupt the startup and add the line from above. After the system starts, edit /etc/default/grub and add those 2 parameters to the end of the line starting with GRUB_CMDLINE_LINUX (which likely has quiet at the end of the line currently). then run # cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig # grub2-mkconfig -o /boot/grub2
Post a Comment
Read more

MOTD with colors! (also applies to shell profiles)

I'm not sure why I had never looked into this before, but this evening I became obsessed with discovering how to present different colored text in the /etc/motd. A person had suggested creating a shell script (rather than using special editing modes in vi, or something) and I agree that is the simplest way of getting this accomplished quickly. This most noteworthy portion of this script is the following: RESET="\033[0m" that puts the users shell back to the original color. I typically like a green text on black background. Also - a great reference for the different colors and font-type (underscore, etc...) https://wiki.archlinux.org/index.php/Color_Bash_Prompt I found this example on the web and I wish I could recall where so that I could provide credit to that person. #!/bin/bash #define the filename to use as output motd="/etc/motd" # Collect useful information about your system # $USER is automatically defined HOSTNAME=`uname -n` KERNEL=`un
1 comment
Read more