[Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

Simon Kelley simon at thekelleys.org.uk
Sat Jan 10 15:37:07 GMT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OK, that's useful, but not good. The last thing DNSSEC/IPv6 needs is
yet another reason why network access which used to work now doesn't.

edns-packet-max=1280 seems to be working fine here. Please let me know
if you find anything more.

Cheers,

Simon.



On 09/01/15 21:34, Dave Taht wrote:
> I strongly suspect an ipv6 fragmentation handling bug in the
> kernel version cerowrt uses. Have tons of evidence pointing to that
> now, starting with some tests run last year from iwl and also the
> tests that netalyzer was doing. And: I just locked up the box
> completely while doing some dnssec stuff.
> 
> will go through kernel git logs and see what has happened there
> since 3.10.50.
> 
> Turning on the edns-packet-max feature now, however, as I lack time
> to poke into this in more detail, and we're supposed to be testing
> dnssec as it is....
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUsUcjAAoJEBXN2mrhkTWigEgP/id/tK0SSnRlrnwazoNe1aCg
jgJ0MyDHAxtKhqJgDPniMyScld185lCQ5nE87k6YM2EOW2Os5G4Xos15Pg8R+s8c
Nd5OD0R/sPWnIjD7f8JKN8RndYNBqB5kUiT/OErDW6R0AR+G5kkvMjMppDPUVpPL
JZ+8xckaeIfOSC/x18thRgc2IczLOmzo9cgXgA7PieV70+Zi3nN6ALOc62xeiizU
sAje24z/lBC9J9B+rTnhs3LuL8CCTcMFxqIv66vaNvrCCSvSk5mV4JR6bqHz2U8X
UNo3fXogjNKhFU1n1EeQPKSmb8okoCmtDXZxGCw8HNqmp9tVm2k9LyUFZnc/ojGA
bnF2/h/vwX3FxJE9BZ0rBNFdwn63RO5LYAt54iyRW78NhoWgsp7BZEdsU0R1j6/V
/FpEGXvLRAQ6Iof9sVLMHEVXrIXvEZOHFv0dm5BnIBxIEtKGaNnMRIYV8B0/cpwT
PFcgyTUxYt7tLaRBbnxgVPT9pBcTnUj9WkAifAE4cs82X5FDZP3ht/jOGb84vkU0
H5fxILYgzj7qfbMOIJdpCjjZ9WgK5pwVpid6KtUntL1kQRawn809gWHrdM1Gwg5z
QW/qB2U2VGJ+bCcMIPzbD4H8Ka0j2pbiYpRMlKTXWEdqXSOrvSRX2IpQeDUxu717
dRCGR0Pgyz+VSjoJ8wyY
=A4Ct
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list