Re: Problems with IP fragments (was: Problems with DNSSEC -- answer in fragmented UDP doesn't work)

2015-02-09 Thread Andre Albsmeier
On Wed, 28-Jan-2015 at 10:04:57 -0800, Freddie Cash wrote:
> On Wed, Jan 28, 2015 at 9:53 AM, Lev Serebryakov wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On 28.01.2015 20:38, Matthew Seaman wrote:
> > > What do you get if you run the reply size test at DNS-OARC ?

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-31 Thread Kevin Oberman
On Fri, Jan 30, 2015 at 10:11 PM, David DeSimone wrote:
> Kevin Oberman wrote:
> > For ipfw you need something like "allow ip from any to me frag". If you
> > want to restrict this to DNS, restrict it to dst-port 53.
>
> Unfortunately, UDP fragments only contain the port number in the very

RE: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread David DeSimone
Kevin Oberman wrote:
> For ipfw you need something like "allow ip from any to me frag". If you
> want to restrict this to DNS, restrict it to dst-port 53.

Unfortunately, UDP fragments only contain the port number in the very first fragment. So you will not be able to forward the later fragment

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread Ian Smith
On Fri, 30 Jan 2015 16:57:28 -0800, Kevin Oberman wrote:
> On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov wrote:
> > I could not resolve names with DNSSEC (for example, in freebsd.org
> > domain) on two of my installations, one with FreeBSD 11 and other with
> > FreeBSD 9.3.
> >
> > Sym

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread Kevin Oberman
On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> I could not resolve names with DNSSEC (for example, in freebsd.org
> domain) on two of my installations, one with FreeBSD 11 and other with
> FreeBSD 9.3.
>
> Symptoms are the same:

Re: Problems with IP fragments (was: Problems with DNSSEC -- answer in fragmented UDP doesn't work)

2015-01-28 Thread Freddie Cash
On Wed, Jan 28, 2015 at 9:53 AM, Lev Serebryakov wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 28.01.2015 20:38, Matthew Seaman wrote:
> > What do you get if you run the reply size test at DNS-OARC ?
> >
> > https://www.dns-oarc.net/oarc/services/replysizetest
>
> 0 lines (em

Problems with IP fragments (was: Problems with DNSSEC -- answer in fragmented UDP doesn't work)

2015-01-28 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 28.01.2015 20:38, Matthew Seaman wrote:
> What do you get if you run the reply size test at DNS-OARC ?
>
> https://www.dns-oarc.net/oarc/services/replysizetest

0 lines (empty answer) at CURRENT, only "rst.x1013.rs.dns-oarc.net." on 9.3. Looks

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-28 Thread Matthew Seaman
On 01/28/15 17:13, Lev Serebryakov wrote:
> I could not resolve names with DNSSEC (for example, in freebsd.org
> domain) on two of my installations, one with FreeBSD 11 and other with
> FreeBSD 9.3.
>
> Symptoms are the same: answer is sent as fragmented IP/UDP packet and
> second part of ans

Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-28 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I could not resolve names with DNSSEC (for example, in freebsd.org domain) on two of my installations, one with FreeBSD 11 and other with FreeBSD 9.3. Symptoms are the same: answer is sent as fragmented IP/UDP packet and second part of answer is