named validating @0x...: ... SOA: no valid signature found
casey at deccio.net
Fri Jul 20 14:12:38 UTC 2012
On Fri, Jul 20, 2012 at 6:03 AM, Brian J. Murrell <brian at interlinx.bc.ca> wrote:
> On 12-07-20 08:34 AM, Brian J. Murrell wrote:
> > The problem here seems to be fragmented UDP.
> I seem to have misdiagnosed this due to tcpdump peculiarities. I only
> initially saw/suspected the problem since my capture for port 53
> packets was including (only the first) ipv4 fragments. When adding a
> capture specifically to get all ipv4 fragments in addition to my port
> 53 packets, I do see all of the fragments.
Just because you see the fragments on the wire doesn't mean they're getting
past the local firewall and being reassembled. For example, if you're
using ip6tables on a Linux kernel <= 2.6.20 IPv6 fragments aren't allowed
through properly. What OS/kernel are you using?
 See https://dnssec.surfnet.nl/?p=464
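
The capture behaviour described in the quoted text, as an added example that is not part of the original message: only the first IPv4 fragment carries the UDP header, so a port-based filter matches it alone, while a test on the flags/offset field matches every fragment. The packets are constructed sample data, the addresses are documentation ranges, and `ip[6:2] & 0x3fff != 0` is a commonly used pcap filter expression assumed here, not one quoted in the thread.

```python
import struct

def ipv4_packet(payload, ident, offset_bytes, more_fragments, proto=17):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 53]), bytes([198, 51, 100, 10]))
    return header + payload

def fragment(udp_datagram, ident, max_payload):
    """Split a UDP datagram into IPv4 fragments of at most max_payload bytes."""
    assert max_payload % 8 == 0  # fragment offsets are counted in 8-byte units
    frags = []
    for off in range(0, len(udp_datagram), max_payload):
        more = off + max_payload < len(udp_datagram)
        frags.append(ipv4_packet(udp_datagram[off:off + max_payload], ident, off, more))
    return frags

def is_fragment(pkt):
    """Same test as the pcap filter 'ip[6:2] & 0x3fff != 0' (MF set or offset > 0)."""
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    return flags_frag & 0x3fff != 0

def matches_udp_port(pkt, port):
    """Same idea as 'udp port N': ports are readable only at fragment offset 0."""
    ihl = (pkt[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    if pkt[9] != 17 or flags_frag & 0x1FFF:
        return False  # not UDP, or a later fragment that has no UDP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport)

def sample_fragments():
    """Constructed: a 3000-byte UDP datagram from source port 53, as three fragments."""
    udp = struct.pack("!HHHH", 53, 40000, 3000, 0) + b"\x00" * (3000 - 8)
    return fragment(udp, ident=0x1234, max_payload=1480)

if __name__ == "__main__":
    for p in sample_fragments():
        print(len(p), "port 53:", matches_udp_port(p, 53), "fragment:", is_fragment(p))
```

Seeing all three fragments in a capture only shows they reached the interface; whether the firewall passes them on for reassembly is a separate check.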