On 30.10.13 21:58, Samp, Daniel [USA] wrote:
> In the past when I've had issues with certain .gov sites (e.g. noaa.gov,
> nih.gov, ssa.gov) it was due to application based filtering (layer 4). For
> some reason the responses from these sites are more often than not
> fragmented and if you have something doing filtering based on ports it may
> not be delivering the follow-up fragments because they do not have the tcp
> headers.  Do a tcpdump of your DNS traffic from noaa.gov and check to see
> if responses are being fragmented and whether you are receiving all of the
> fragments.
>
> We had to set edns-udp-size to 512 as a workaround until we
> could identify the problematic piece of hardware.

This is a server option, not a client option. Did you have to set this on
your recursive servers, because HW between them and your clients was
problematic?

If you did find the culprit, can you tell us who it was?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
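
The capture check suggested in the quoted message can be automated. The following is an added example, not code from this thread or from BIND: it groups IPv4 fragments by source, destination, protocol and IP ID and reports datagrams whose fragments did not all arrive. It assumes raw IPv4 packets with the link-layer header already stripped; the addresses, IP IDs and payloads are constructed sample data.

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_packet(ident, offset, more, payload,
                src=b"\xc0\x00\x02\x35", dst=b"\xc6\x33\x64\x0a"):
    """Build one constructed IPv4/UDP packet or fragment (checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)  # MF flag + offset in 8-byte units
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, 17, 0, src, dst) + payload

def incomplete_datagrams(packets):
    """Return (src, dst, ip_id) for each fragmented datagram that cannot be reassembled."""
    groups = defaultdict(list)
    for pkt in packets:
        ver_ihl, _, total, ident, flags_off, _, proto, _, src, dst = \
            struct.unpack(IP_HDR, pkt[:20])
        more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
        if more or offset:  # skip unfragmented packets
            size = total - (ver_ihl & 0x0F) * 4
            groups[(src, dst, proto, ident)].append((offset, size, more))
    bad = []
    for (src, dst, _, ident), frags in groups.items():
        covered, hole, saw_last = 0, False, False
        for offset, size, more in sorted(frags):
            hole = hole or offset > covered        # gap before this fragment
            covered = max(covered, offset + size)
            saw_last = saw_last or not more        # MF=0 marks the final fragment
        if hole or not saw_last:
            bad.append((".".join(map(str, src)), ".".join(map(str, dst)), ident))
    return sorted(bad)

# Constructed sample: an 1800-byte UDP response from port 53, split at 1480 bytes.
# Only the first fragment carries the UDP header (and therefore the ports).
big = struct.pack("!HHHH", 53, 40000, 1800, 0) + bytes(1792)
small = struct.pack("!HHHH", 53, 40000, 108, 0) + bytes(100)
SAMPLE = [
    ipv4_packet(0x1A2B, 0, True, big[:1480]),
    ipv4_packet(0x1A2B, 1480, False, big[1480:]),
    ipv4_packet(0x1A2C, 0, True, big[:1480]),   # follow-up fragment never arrived
    ipv4_packet(0x1A2D, 0, False, small),       # unfragmented response
]

if __name__ == "__main__":
    for src, dst, ident in incomplete_datagrams(SAMPLE):
        print(f"incomplete: {src} -> {dst} ip_id=0x{ident:04x}")
```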