named validating @0x...: ... SOA: no valid signature found

Casey Deccio casey at
Fri Jul 20 14:12:38 UTC 2012

On Fri, Jul 20, 2012 at 6:03 AM, Brian J. Murrell <brian at>wrote:

> On 12-07-20 08:34 AM, Brian J. Murrell wrote:
> >
> > The problem here seems to be fragmented UDP.
> I seem to have misdiagnosed this due to tcpdump peculiarities.  I only
> initially saw/suspected the problem since my capture for port 53
> packets was including (only the first) ipv4 fragments.  When adding a
> capture specifically to get all ipv4 fragments in addition to my port
> 53 packets, I do see all of the fragments.
Just because you see the fragments on the wire doesn't mean they're getting
past the local firewall and being reassembled.  For example, if you're
using ip6tables on a Linux kernel <= 2.6.20 IPv6 fragments aren't allowed
through properly [1].  What OS/kernel are you using?


[1] See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list