On 24-Feb-25 17:54, Peter 'PMc' Much wrote:
tcpdump was friendly enough to tell me I should use -vv option,
only I didn't read that at first.
Then it clearly shows that these packets have invalid checksums. :(

And that is apparently reason enough to just drop them without
notice.

Now how they acquire broken checksums, and why they started to
do so two days ago (because I find some successful XFR in the log,
until Feb-22), that is another story.

A couple of hints:

The bad checksums may be a false lead.  If you have a network interface that off-loads checksum computation, the checksum (valid or invalid) may not appear in the user/trace buffer.  (Depends on the interface & driver.)

If your NAT is changing IP addresses, it may not recompute the checksum (for the same reason - you can't count on it being valid in the buffer).

You can mark packets with IPtables to make tracking/logging easier.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
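
Added example, not part of the original message: a Python sketch of the TCP checksum check that tcpdump -vv reports, showing that a NAT which rewrites the source address without touching the checksum yields an invalid segment, and that the RFC 1624 incremental update repairs it. The addresses, ports and the SYN segment are constructed sample values, and all function names are hypothetical.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) with the carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (src, dst, proto 6, length) plus segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return ~ones_sum(pseudo + segment) & 0xFFFF

def is_valid(src: str, dst: str, segment: bytes) -> bool:
    # With a correct checksum already in the header, the computation yields 0.
    return tcp_checksum(src, dst, segment) == 0

def set_checksum(segment: bytes, value: int) -> bytes:
    # The checksum field occupies bytes 16-17 of the TCP header.
    return segment[:16] + struct.pack("!H", value) + segment[18:]

def build_syn(src: str, dst: str) -> bytes:
    """Constructed 20-byte SYN from port 40000 to port 53, checksum filled in."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 53, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return set_checksum(hdr, tcp_checksum(src, dst, hdr))

def nat_fixup(segment: bytes, old_ip: str, new_ip: str) -> bytes:
    """RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), per changed 16-bit word."""
    (old_csum,) = struct.unpack("!H", segment[16:18])
    total = ~old_csum & 0xFFFF
    old_words = struct.unpack("!2H", socket.inet_aton(old_ip))
    new_words = struct.unpack("!2H", socket.inet_aton(new_ip))
    for m, m_new in zip(old_words, new_words):
        total += (~m & 0xFFFF) + m_new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return set_checksum(segment, ~total & 0xFFFF)

if __name__ == "__main__":
    inside, outside, server = "192.0.2.10", "203.0.113.7", "198.51.100.53"
    seg = build_syn(inside, server)
    print("as sent:             ", is_valid(inside, server, seg))
    print("address rewritten:   ", is_valid(outside, server, seg))
    print("rewritten + fixed up:", is_valid(outside, server, nat_fixup(seg, inside, outside)))
```

The same check fails on a segment captured before a checksum-offloading interface has filled in the field, which is why a "bad checksum" in a local capture is not proof of a bad packet on the wire.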
