Hi all I'm in the process of migrating from Solaris 11 to OpenIndiana, of which I do not have much experience. Pleae bear with me.
I switched our DNS from Sol 11.3 to OI illumos-cd964fce75. After that, I noticed that some reply packets sent by the new server would no longer get through the firewalls. The reason appears to be that they are fragmented, but still have the DF (dont-fragment) flag set. This happens whenever a reply packet is larger than the interface's MTU (1500), which is easily reached with any DNSSEC enabled query. Solaris in the same situation also fragments the reply packet, but does not set the DF flag. Does anybody know a way to change that behaviour? Found nothing in dladm and ipadm, and this behaviour is weird. Thx /markus _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
