[Unbound-users] fragmentation
shmick at riseup.net
shmick at riseup.net
Fri Sep 12 15:01:23 UTC 2014
hi
i am testing 2 boxes on debian jessie with identical unbound configs
(with the exception of 1 using forwarding to a dnscrypt resolver; this
box does not suffer fragmentation)
both same wired LAN, they also both access the same gateway and firewall
and essentially have same iptables rules
i tested them using
$ dig +short rs.dns-oarc.net txt
1st box seems ok (dnscrypt forwarding, do-not-query-localhost: no)
rst.x4091.rs.dns-oarc.net.
rst.x3837.rs.dns-oarc.net.
rst.x3822.rs.dns-oarc.net.
but the other sees fragmentation (direct access; no forwarding)
rst.x1002.rs.dns-oarc.net.
rst.x1432.rs.dns-oarc.net.
rst.x1397.x1432.rs.dns-oarc.net.
rst.x1403.x1432.rs.dns-oarc.net.
what could i inspect for the issue ?
what happens if the box suffering fragmentation is doing large DNSSEC
querying/answering - will it revert to truncation and is that extraneous
extra processing and therefore longer duration of time for dns processing ?
More information about the Unbound-users
mailing list