Date: Mon, 06 Feb 2017 21:12:25 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-amd64@FreeBSD.org
Subject: [Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains
Message-ID: <bug-216867-6@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867

            Bug ID: 216867
           Summary: IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains
           Product: Base System
           Version: 11.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: conf
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd-bugs@rsle.net
                CC: freebsd-amd64@FreeBSD.org

The default IPFW "workstation" rules seem to block fragmented packets caused by DNSSEC, in turn causing DNS to fail for some domains (including freebsd.org subdomains) when DNS resolution is performed locally (using BIND or Unbound).

Fix:
The addition of the IPFW rule "ipfw add reass udp from any to any in" to /etc/rc.firewall, under type workstation, fixes the issue.

This issue was discussed at: https://forums.freebsd.org/threads/48760/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
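
Added example, not part of the bug report and not FreeBSD code: a simplified Python model of why a filter that matches replies on UDP ports loses the later fragments of a large DNSSEC answer, and why reassembling before filtering (the job of the `reass` rule quoted above) lets the answer through. The MTU, port numbers, reply size and the filter model itself are assumptions constructed for illustration.

```python
import struct

MTU, IP_HDR, UDP_HDR = 1500, 20, 8   # assumed Ethernet MTU, IPv4 header without options

def fragment(udp_datagram, mtu=MTU):
    """Split a UDP datagram (header + payload) the way IPv4 fragmentation does.
    Returns a list of (offset_bytes, more_fragments, data)."""
    step = (mtu - IP_HDR) // 8 * 8   # fragment data length must be a multiple of 8
    return [(off, off + step < len(udp_datagram), udp_datagram[off:off + step])
            for off in range(0, len(udp_datagram), step)]

def ports(offset, data):
    """Only the fragment at offset 0 carries the UDP header, hence the ports."""
    if offset != 0 or len(data) < UDP_HDR:
        return None
    return struct.unpack("!HH", data[:4])   # (source port, destination port)

def stateful_filter(packets, state):
    """Simplified model (assumption): a packet passes only if its port pair
    matches a state entry created by the outgoing query."""
    return [ports(off, data) in state for off, _more, data in packets]

def reassemble(frags):
    """Rebuild the full datagram before filtering; None while fragments are missing."""
    frags = sorted(frags)
    data = b""
    for off, _more, chunk in frags:
        if off != len(data):          # gap: a middle fragment has not arrived
            return None
        data += chunk
    if frags[-1][1]:                  # last fragment seen still says "more follow"
        return None
    return [(0, False, data)]

def demo():
    # Constructed sample: resolver queried from port 40000, server answers from 53
    # with an 1800-byte DNSSEC-sized payload (larger than one 1500-byte frame).
    state = {(53, 40000)}
    payload = b"\x00" * 1800
    datagram = struct.pack("!HHHH", 53, 40000, UDP_HDR + len(payload), 0) + payload
    frags = fragment(datagram)
    before = stateful_filter(frags, state)             # filter sees raw fragments
    after = stateful_filter(reassemble(frags), state)  # filter sees whole datagram
    return before, after

if __name__ == "__main__":
    print(demo())
```

In the model, the first fragment passes and the second is dropped, so the resolver never receives a complete answer; after reassembly the single datagram matches the state entry.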