Date:      Wed, 28 Jan 2015 20:13:54 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-net@freebsd.org
Subject:   Problems with DNSSEC -- answer in fragmented UDP doesn't work
Message-ID:  <54C918D2.7090805@FreeBSD.org>

 I could not resolve names with DNSSEC (for example, in the freebsd.org
domain) on two of my installations, one with FreeBSD 11 and the other
with FreeBSD 9.3.

 Symptoms are the same: the answer is sent as a fragmented IP/UDP packet
and the second part of the answer never arrives. For example, this
doesn't work for me ("timeout" and only the first part of the fragmented
packet on the wire according to tcpdump):

% dig +dnssec www.freebsd.org @72.52.71.1

; <<>> DiG 9.9.5 <<>> +dnssec www.freebsd.org @72.52.71.1
;; global options: +cmd
;; connection timed out; no servers could be reached
%

 The problem is, the latest bind (9.9 from ports) sends such requests
over UDP, not TCP.

 Is it OK? Is it a misconfiguration of my networks (I have this problem
in two different installations) or something?

-- 
// Lev Serebryakov
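
The symptom reported in the message above (only the first fragment of a DNSSEC answer visible on the wire) can be checked mechanically in a capture by regrouping IPv4 fragments per datagram and flagging the sets that never complete. This is an added example, not part of the original e-mail; the function names, the constructed sample packets and the documentation addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, options not unpacked
def parse_ipv4(pkt):
    """Return (datagram key, byte offset, payload length, MF flag) for a raw IPv4 packet."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    key = (str(IPv4Address(src)), str(IPv4Address(dst)), proto, ident)
    payload_len = total_len - (ver_ihl & 0x0F) * 4
    # MF is bit 0x2000; the 13-bit fragment offset counts 8-byte units.
    return key, (flags_off & 0x1FFF) * 8, payload_len, bool(flags_off & 0x2000)

def incomplete_datagrams(packets):
    """Return keys of datagrams whose captured fragments leave a hole or lack the final fragment."""
    frags = defaultdict(list)
    for pkt in packets:
        key, off, length, more = parse_ipv4(pkt)
        frags[key].append((off, length, more))
    missing = []
    for key, parts in frags.items():
        covered, saw_last = 0, False
        for off, length, more in sorted(parts):
            if off > covered:              # hole: an earlier fragment never arrived
                saw_last = False
                break
            covered = max(covered, off + length)
            saw_last = saw_last or not more
        if not saw_last:
            missing.append(key)
    return missing

def make_ipv4(ident, offset, more, payload_len, src="192.0.2.53", dst="198.51.100.10"):
    """Build a constructed IPv4/UDP packet: zero checksum, zero-filled payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(HDR, 0x45, 0, 20 + payload_len, ident, flags_off, 64, 17, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + bytes(payload_len)

SAMPLE = [  # constructed capture using documentation addresses
    make_ipv4(0x1A2B, 0, True, 1480),     # first fragment only, rest never seen
    make_ipv4(0x1A2C, 0, True, 1480),     # first fragment ...
    make_ipv4(0x1A2C, 1480, False, 300),  # ... and its final fragment
    make_ipv4(0x1A2D, 0, False, 120),     # small unfragmented answer
]
if __name__ == "__main__":
    print(incomplete_datagrams(SAMPLE))
```

Each returned key is (source, destination, protocol, IP ID); an entry for a datagram sent by the name server means the capture point saw part of the answer but never the fragment that completes it.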