Another thing to consider, especially if you are playing wild games routing through tunnels and such, is to verify the server has a route back to the client. If something in the LAN can reach it, like the first dump, but off-net gets no response, like the second, that’s a classic cause.
On Mon, Feb 24, 2025 at 4:19 PM Timothe Litt via bind-users < bind-users@lists.isc.org> wrote: > On 24-Feb-25 17:54, Peter 'PMc' Much wrote: > > tcpdump was friendly enough to tell me I should use -vv option, > only I didn't read that at first. > Then it clearly shows that these packets have invalid checksums. :( > > And that is apparently reason enough to just drop them without > notice. > > Now how they aquire broken checksums, and why they start to > do so two days ago (because I find some successful XFR in the log, > until Feb-22), that is another story. > > A couple of hints: > > The bad checksums may be a false lead. If you have a network interface > that off-loads checksum computation, the checksum (valid or invalid) may > not appear in the user/trace buffer. (Depends on the interface & driver.) > > If your NAT is changing IP addresses, it may not recompute the checksum > (for the same reason - you can't count on it being valid in the buffer). > > You can mark packets with IPtables to make tracking/logging easier. > > > Timothe Litt > ACM Distinguished Engineer > -------------------------- > This communication may not represent the ACM or my employer's views, > if any, on the matters discussed. > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
