[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

Simon Kelley simon at thekelleys.org.uk
Wed May 6 22:06:18 BST 2015



> All the above is on IPv4. Dave are you using IPv6? I'll try that next.


Right, using a SIXXS tunnel, I never see a reply to the query for DNSKEY
org query. Presumably something in the IPv6 connection is failing to do
fragmentation/reassembly. The dig times out without an answer.

Dropping edns-packet-max by one is enough to force fallback to TCP and
it all works.

The MTU if the SIXXs IPv6 network interface is 1428. Failure to receive
UDP packets larger than the MTU is a bigger bug than DNS, but I don't
know if it's a SIXXS problem or a wider IPv6 one.

Is this the failure mode (No reply to the .org query) that you're seeing
Dave?


Cheers,

Simon.



More information about the Dnsmasq-discuss mailing list