Error: "Too many timeouts resolving" and "disabling EDNS"

Article ID: 177393

Products

Messaging Gateway

Issue/Introduction

Why are errors appearing in the messages file?
 

The messages file shows the following errors:

2008 Oct 17 23:59:05 (info) named[21048]: too many timeouts resolving 'domain.com/MX' (in '.'?): disabling EDNS
2008 Oct 17 23:59:45 (info) named[21048]: too many timeouts resolving '2.21.168.192.in-addr.arpa/PTR' (in '.'?): disabling EDNS

Cause

These errors occur when a firewall or router interferes with certain DNS packets, or when there are general network traffic issues. EDNS response packets increasingly exceed the 512-byte size limit used by older DNS implementations, and some firewalls and packet filters are not configured to handle or allow this traffic.

Resolution

Update and configure your firewall to accept DNS UDP packets larger than 512 bytes. The recommended value for such thresholds is 4096 bytes.

For information on how to test if your firewall or routers support EDNS, please see these resources:


Further References:

Note: The non-Symantec links above are provided as a convenience to Symantec customers. Symantec is not responsible for content on third-party sites.


Technical Information
Some firewalls will limit the size of a DNS UDP packet to 512 bytes or prevent IP fragments.
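
One way to check the path for the 512-byte and EDNS handling described above, as an added example (not Symantec's or BIND's code): it sends a query that advertises a 4096-byte UDP buffer and reports whether a reply arrived, its size, the TC (truncated) bit, and whether an OPT record came back. The function names are hypothetical, and the resolver address and query name are supplied by the caller.

```python
import socket
import struct

def build_query(name, qtype=15, bufsize=4096, txid=0x1234):
    """DNS query (default MX) carrying an EDNS0 OPT record that advertises `bufsize` bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT pseudo-RR: root owner name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Report reply size, TC bit, and the responder's EDNS buffer size (None if no OPT)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    edns, off = None, 12
    try:
        for _ in range(qd):
            off = _skip_name(msg, off) + 4          # name + QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == 41:
                edns = rclass                       # OPT reuses CLASS for the buffer size
            off += 10 + rdlen
    except (IndexError, struct.error):
        pass  # record counts exceed the bytes actually received
    return {"size": len(msg), "over_512": len(msg) > 512,
            "truncated": bool(flags & 0x0200), "edns_bufsize": edns}

def probe(server, name, qtype=15, timeout=3.0):
    """Send the EDNS query over UDP; None means no reply arrived before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            return classify(s.recvfrom(65535)[0])
        except socket.timeout:
            return None
```

Call `probe(resolver_ip, name)` from the gateway host. A result of `None`, or `edns_bufsize` of `None`, for a name that resolves over plain DNS suggests that the server or a device on the path does not handle EDNS.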