Saw this at startup:
18:09:14.595420 IP (tos 0x0, ttl 57, id 35985, offset 0, flags [none], proto
UDP (17), length 1167)
192.58.128.30.53 > 24.116.100.90.53955: [udp sum ok] 64207*- q: DNSKEY? .
4/0/1 . DNSKEY, . DNSKEY, . DNSKEY, . RRSIG ar: . OPT UDPsize=1472 DO (1139)
18:09:14.597537 IP (
> On May 14, 2022, at 12:35 AM, Matus UHLAR - fantomas
> wrote:
>
> On 13.05.22 10:06, Philip Prindeville wrote:
>> After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started
>> seeing a lot of:
>>
>>
>> May 12 19:24:06 OpenWrt named[11061]: validating ./NS: no valid signature
On 13.05.22 10:06, Philip Prindeville wrote:
After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started seeing
a lot of:
May 12 19:24:06 OpenWrt named[11061]: validating ./NS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: validating net/DS: no valid signature
fou
Your MTU is not the point. It's what happens beyond your equipment that may
have a bearing. However, as I said, I don't think IP fragmentation will be
your problem in this case, so that's a whole other discussion for a
different day.
pcaps are your friend though. From a packet capture you can see e
My MTU is 1500 bytes, so I don't think that's the problem.
But UDP can fragment via IP...
> On May 13, 2022, at 10:34 AM, Greg Choules
> wrote:
>
> Hi Philip.
> Can you run packet captures? I'm running 9.18.0 (close enough?) in Docker and
> just traced what happens going from "dnssec-validat
Hi Philip.
Can you run packet captures? I'm running 9.18.0 (close enough?) in Docker
and just traced what happens going from "dnssec-validation no;" to
"dnssec-validation auto;" It makes a DNSKEY query for "." to one of the
roots. The response size was over 900 bytes, so depending on what UDP
paylo
6 matches
Mail list logo
